The flaw exists because of a backdoor left open by Foxconn engineers.
Sometimes companies forget to close these backdoors while other times they leave it open for further exploitation.
One such backdoor is the debugger function left open by Foxconn.
Potential hackers can exploit it to put a connected Android smartphone into its factory test mode.
One such backdoor is the debugger function left open by Foxconn.
Potential hackers can exploit it to put a connected Android smartphone into its factory test mode.
Phone vendors were unaware this backdoor has been placed into their products, said Sawyer.
In short, this is a full compromise over USB, which requires no logon access to the gear.
This vulnerability completely bypasses authentication and authorization controls on the gear.
It is a prime target for forensic data extraction.
This makes a lot of Android smartphones vulnerable to hacking with thePorkExplosionflaw.
To mitigate the vulnerability, Sawyer recommends taking the following action for Android smartphone owners.
The ftmboot partition contacts a traditional Android kernel/ramdisk image.
This one has SELinux disabled, and adb running as root.
The ftmdata partition is mounted on /data during ftm bootmode.
These partitions are only a sign that the gadget is vulnerable.
source: www.techworm.net
