Close
Close

Published

Six major Android vulnerabilities found, but will they shake MNOs’ apathy?

Security researchers from the University of California at Santa Barbara have discovered six major vulnerabilities in Android smartphone bootloaders. Found in chipsets from Huawei, MediaTek, Nvidia and Qualcomm, the vulnerabilities could be used to attack and overhaul a device. Five of the six vulnerabilities were zero-days, meaning they have been present since they originally shipped. These flaws completely undermine the Chain of Trust (CoT) in the devices, but are unlikely to shake MNOs out of their habitual apathy about device security. Called BootStomp, the researcher’s tool found ways to exploit the flawed bootloader, which will apparently let them execute malicious code and perform denial-of-service (DoS) attacks, and even brick the device remotely. BootStomp’s tools primarily involved dynamic symbolic execution and…

Close