Published On: Thu, Sep 7th, 2017

NVIDIA, Qualcomm, MediaTek, and Huawei Chips Open to Zero-Day Security Flaws

Exploitable security vulnerabilities have been discovered in chipsets used by Huawei, Qualcomm, MediaTek, and Nvidia. The chipsets are used in popular Android devices sold by Sony, Google and Huawei, and the vulnerabilities are tied to a phone’s bootloader firmware, according to University of California at Santa Barbara computer scientists.

Multiple vulnerabilities reported in popular Android bootloaders

Security researchers have reported (PDF) at least 6 vulnerabilities in mobile bootloaders, 5 of which are zero-day flaws. “We evaluated bootloaders from 4 major device manufacturers, and discovered 6 previously unknown memory corruption or denial of service vulnerabilities, as well as two unlock-bypass vulnerabilities,” the team wrote.


The vulnerabilities could be used to compromise a phone’s bootloader system, brick a device, perform denial of service (DoS) attacks, and execute arbitrary code. The Santa Barbara team discovered these flaws using the BOOTSTOMP tool, which uses static analysis and dynamic symbolic execution to locate problem areas in mobile firmware.

“An attacker has to have root capabilities over the phone to exploit one of these 6 vulnerabilities,” Nilo Redini, one of the 9 computer scientists who coauthored the report, wrote. “One might say, ‘Well if they have root access, that’s already game over. Why even bother?’”

However, Redini added that “if one can compromise the bootloader, they could achieve more than root capabilities and, for example, interfere with ARM’s TrustZone.”

TrustZone is a SoC (System on Chip) that is widely used on Android phones and is considered a secure chip running outside of the main OS and processor, handling secure processes like device encryption.


Affected bootloaders – Huawei’s is the most severe

Over 60 percent of the latest mobile devices use Qualcomm chipsets. These include high-end devices like Google Pixel. MediaTek is also a major chip maker, with its processors found in Sony’s handsets, among others. The researchers wrote that they examined 5 different bootloaders during this research. These include:

  • Huawei P8 ALE-L23 (Huawei / HiSilicon chipset)
  • Sony Xperia XA (MediaTek chipset)
  • Nexus 9 (NVIDIA Tegra chipset)
  • Two versions of Qualcomm’s LK-based bootloader

Researchers focused on Huawei due to the design of its bootloader, calling the flaws the most severe, as they allowed attackers to break the Chain of Trust. “This vulnerability would not only allow one to break the chain of trust, but it would also constitute a means to establish persistence within the device that is not easily detectable by the user, or available to any other kind of attack,” the report said.

Huawei has confirmed all the reported 5 vulnerabilities in its bootloader, while NVIDIA is working with the security researchers on a fix. It is unclear at the moment if any of the patches were delivered to the handsets as part of Google’s latest Android Security Bulletin.
