Sign in / up

back to article Boffins hijack bootloaders for fun and games on Android

University of California Santa Barbara researchers have turned up bootloader vulnerabilities across a bunch of Android chipsets from six vendors. The team of nine researchers decided to look at a little-studied aspect Android architecture – the interaction between OS and chip at power-up. To get inside that operation, they …

COMMENTS

Post your comment
House rules Send corrections
Add to 'My topics' unstar *
  1. Anonymous South African Coward Bronze badge
    Trollface

    cue iThing fanboys cheering...

    0 0 Reply
  2. Anonymous Coward
    Anonymous Coward

    Am I missing something

    If you've got root privileges isn't the game over anyway?

    8 0 Reply
    1. Chewi
      Reply Icon

      Re: Am I missing something

      In the case of malware, yes, but if you're trying to install a newer version of Android, no. You usually can't replace the kernel without unlocking the bootloader so while you may be able to get root and even load a custom ROM, you'll be effectively stuck on the same version of Android.

      1 0 Reply
  3. Duncan Macdonald

    Is this a problem ?

    If I read this correctly, the attacker needs physical access to the target device to exploit any of these vulnerabilities. If that is true then this is only a problem for a person that gets a pre-infected phone (eg a NSA target) or a person that lets a malicious person (say in a phone repair shop) have control of his/her phone.

    0 0 Reply
    1. phuzz Silver badge
      Reply Icon

      Re: Is this a problem ?

      What about a malicious charger? (ie something which purports to just provide power, but is actually doing naughty things via USB)

      2 0 Reply
      1. John H Woods Silver badge
        Reply Icon

        Re: Is this a problem ?

        Always use a USB condom

        0 0 Reply
  4. Nimby
    Coat

    And?

    We design phones around the same concepts as we do computers, then act surprised when they exhibit similar vulnerabilities?

    0 0 Reply

POST COMMENT House rules

Not a member of The Register? Create a new account here.

Forgotten password ?

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like