Potential bootloader unlocking vulnerability discovered for many Android devices

BY

Published 7 Aug 2014

NSFW AI Why trust Greenbot

We maintain a strict editorial policy dedicated to factual accuracy, relevance, and impartiality. Our content is written and edited by top industry professionals with first-hand experience. The content undergoes thorough review by experienced editors to guarantee and adherence to the highest standards of reporting and publishing.

Disclosure

Sony’s bootloader unlock service gets a much-needed facelift

While most Android OEMs have openly embraced the Android community and provide a bootloader unlocking tool, they bent to the whims of certain carriers in the United States and ship their phone with a locked down bootloader that is compatible with their bootloader unlocking tool. 

While gaining root access is still possible on these devices via an exploit, flashing custom ROMs becomes an incredibly complex process because of the locked down bootloader. Every once in a while though, a developer manages to find an exploit that allows them to completely bypass the bootloader, or better yet — allow them to unlock it. However, these exploits and vulnerabilities are incredibly rare to come, and require tremendous hours of research, effort and manpower to be unearthed in the first place.

Dan Rosenberg, who had earlier released a bootloader unlock exploit for nearly all the older Motorola devices, has unearthed a security exploit that allows him to unlock the bootloader on a bunch of devices including the likes of the Moto X, the Galaxy Note 3, Galaxy S4 and more. He unveiled the exploit at Blackhat USA earlier today, where he managed to unlock the bootloader of a Moto X live on stage.

Chances of Dan releasing a tool for unlocking the bootloader of these devices is pretty much nil though. Thankfully, he has already provided details about the exploit here, which provides an outline for other developers to follow and create a bootloader unlocking tool. This exploit, however, will not work on the Galaxy S5 and the HTC One M8 as the vulnerability is already patched on them.

[Via Reddit, 2]