Bootloader Vulnerabilities Discovered Using BootStomp Tool

A team of security researchers has developed BootStomp, an automated tool for finding memory-corruption bugs in Android bootloaders so that vendors can fix them before attackers find them.

Many iOS users believe their devices are less exposed to attack because Apple controls the whole software stack.

There is some truth to this: Android's security depends on a larger set of parties, because chipset vendors and device manufacturers all contribute code to the final product.

Unlike Apple, Google lets chipset and smartphone manufacturers modify the software, the user interface and, importantly for this research, the bootloader.

The bootloader is the code that runs when an Android phone or tablet is powered on, before the operating system. It initialises the hardware, reads the boot image and other data from flash storage, and is supposed to verify each component before passing control to it.

Most users assume a device can only be attacked once it is up and running.

But a team of researchers from the University of California, Santa Barbara has shown that the Android bootloaders of five chipset vendors contain vulnerabilities, and that an attacker who knows about such a bug can take control of the device during boot, before the operating system is even loaded. The caveat is that the attacker usually needs a foothold first: the bugs are triggered by malformed data in the device's flash partitions, and writing those partitions normally requires root privileges on the running system. What the bootloader bug then buys is a position below the operating system, from which the attacker can undermine the checks the OS relies on and keep control across reboots.

These vulnerabilities break the Chain of Trust (CoT), the sequence in which each boot stage, starting from code in the chip's boot ROM, cryptographically verifies the next one before running it, so that only vendor-signed code reaches the point where the Android kernel is loaded.

Vulnerabilities in Chipsets

The research team spent considerable time reverse engineering Android bootloaders and the vulnerabilities in them before publishing their findings.

They found that even the leading chipset vendors, including Qualcomm, Nvidia, MediaTek and Huawei's HiSilicon, ship bootloaders with bugs.

This is a serious finding, because a bug in a chipset vendor's bootloader affects every device built on that chipset. The team also lists the specific devices and bootloader versions they examined.

The HiSilicon bootloader on Huawei's P8 (model ALE-L23) is affected, as are both a new and an old version of Qualcomm's LK (Little Kernel) bootloader.

The Nvidia Tegra bootloader used in the Nexus 9 tablet and the MediaTek bootloader used in the Sony Xperia XA were also among the bootloaders examined and reported on.

BootStomp: A Solution that Actually Works

The researchers faced a difficult problem.

Vulnerabilities in a bootloader are hard to find because it runs before the operating system, on bare hardware, where the usual debugging tools are not available.

The bootloaders are closed-source binaries shipped without debug symbols, so there is no easy way to tell which part of the code performs which task.

The team combined manual reverse engineering with automated analysis to address this.

They developed BootStomp, a tool that automatically scans these closed-source binaries for security vulnerabilities.

BootStomp does not run the bootloader; it analyses the binary statically. It first locates the points where the bootloader reads data from non-volatile storage (the flash partitions an attacker with root on the device could modify), then tracks how that untrusted data flows through the code using taint analysis and symbolic execution. If attacker-controlled data reaches a dangerous operation, such as the size or destination of a memcpy, a loop bound, or the address of a memory write, BootStomp reports a potential vulnerability for an analyst to confirm.

To validate the tool, the researchers ran it on an old version of Qualcomm's LK bootloader containing a bug that was already known.

BootStomp correctly flagged the code corresponding to CVE-2014-9798.

The team had previously confirmed this bug through manual analysis.
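Example added here (not part of the article or of the BootStomp project): a toy Python static analysis that mirrors the seed-to-sink taint idea described above. BootStomp itself works on real bootloader binaries; this toy operates on a hand-written three-address IR, and every op, value name and program in it is constructed for illustration. It shows the three cases an analyst cares about: a length field read straight from a partition and used as a memcpy size, the same code with a bounds check, and a bounds check followed by arithmetic that produces a new, unchecked value.

```python
"""Toy static taint analysis in the style of BootStomp's seed/sink model.

Constructed example: a tiny three-address IR stands in for the lifted
bootloader binary.  Seeds are values read from non-volatile storage
(partitions an attacker with root could rewrite); sinks are memcpy
operands and memory-write addresses.  Ops, names and programs are all
invented for this illustration.
"""
from dataclasses import dataclass

# IR instruction: (op, dst, args).  Ops used here:
#   read_partition  dst <- raw bytes from a flash partition   (taint seed)
#   load_field      dst <- a field parsed out of args[0]      (propagates taint)
#   const           dst <- a compile-time constant
#   add / mul / sub dst <- arithmetic over args                (propagates taint)
#   bound_check     args[0] compared against a constant limit (sanitiser)
#   memcpy          args = (dst_ptr, src_ptr, size)           (sink)
#   store           args = (addr, value)                       (sink on addr)

SEEDS = {"read_partition"}
PROPAGATE = {"load_field", "add", "mul", "sub"}


@dataclass(frozen=True)
class Finding:
    index: int      # position of the sink instruction in the program
    sink: str       # which operation was reached
    operand: str    # which value name flowed there
    reason: str


def analyze(program):
    """Return a list of Findings: sinks reached by unchecked partition data."""
    tainted = set()   # values derived from non-volatile storage
    bounded = set()   # tainted values that passed an explicit bound_check
    findings = []
    for i, (op, dst, args) in enumerate(program):
        if op in SEEDS:
            tainted.add(dst)
        elif op in PROPAGATE:
            if any(a in tainted for a in args):
                # A derived value is a fresh name: it is tainted, and it is
                # not bounded even if its inputs were (size + 16 may wrap).
                tainted.add(dst)
        elif op == "bound_check":
            if args[0] in tainted:
                bounded.add(args[0])
        elif op == "memcpy":
            dst_ptr, _src_ptr, size = args
            for operand, role in ((size, "size"), (dst_ptr, "destination pointer")):
                if operand in tainted and operand not in bounded:
                    findings.append(Finding(i, op, operand,
                        f"memcpy {role} comes from partition data with no bounds check"))
        elif op == "store":
            addr, _value = args
            if addr in tainted and addr not in bounded:
                findings.append(Finding(i, op, addr,
                    "store address comes from partition data with no bounds check"))
        # "const" and unknown ops neither create nor propagate taint
    return findings


# Constructed program 1: a header read from a partition, its length field
# used directly as the memcpy size.  This is the classic bootloader bug shape.
VULNERABLE = [
    ("read_partition", "hdr", ("boot_partition",)),
    ("load_field", "img_len", ("hdr",)),
    ("const", "kernel_buf", ()),
    ("memcpy", None, ("kernel_buf", "hdr", "img_len")),
]

# Constructed program 2: the same code with a bound check before the copy.
FIXED = [
    ("read_partition", "hdr", ("boot_partition",)),
    ("load_field", "img_len", ("hdr",)),
    ("bound_check", None, ("img_len",)),
    ("const", "kernel_buf", ()),
    ("memcpy", None, ("kernel_buf", "hdr", "img_len")),
]

# Constructed program 3: checked, then arithmetic after the check.  The
# derived value is a new tainted name, so the sink is flagged again; this
# is the pattern behind integer-overflow bugs in length handling.
CHECK_THEN_ARITH = [
    ("read_partition", "hdr", ("boot_partition",)),
    ("load_field", "img_len", ("hdr",)),
    ("bound_check", None, ("img_len",)),
    ("const", "sixteen", ()),
    ("add", "total_len", ("img_len", "sixteen")),
    ("const", "kernel_buf", ()),
    ("memcpy", None, ("kernel_buf", "hdr", "total_len")),
]

if __name__ == "__main__":
    for name, prog in (("VULNERABLE", VULNERABLE), ("FIXED", FIXED),
                       ("CHECK_THEN_ARITH", CHECK_THEN_ARITH)):
        print(name, analyze(prog) or "no findings")
```

The toy deliberately treats a bounds check as sanitising only the exact value it compared; anything computed from that value afterwards is reported again. That conservative choice produces false positives in real code, which is why a tool of this kind hands its findings to an analyst rather than declaring them exploitable.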

Fixing the Vulnerabilities Immediately

Companies often run bug-bounty programmes and security contests in which hackers are rewarded for the bugs they find.

The research team deserves similar credit: by finding these bootloader vulnerabilities and reporting them to the vendors first, they reduced the window in which third parties could exploit them on Android devices.

An attacker who knows of a flaw in the bootloader can gain control of the device without the user noticing, because the compromise happens below the operating system, where no app or security software can see it.

The paper also includes a table listing the number of bugs found in the Qualcomm, MediaTek and other bootloaders.

A Software Tool to Safeguard Android Systems


The largest number of vulnerabilities was found in Huawei's bootloader, but because Qualcomm chipsets are so widely used, a single bug in Qualcomm's bootloader is enough to put millions of Android devices at risk.

Google publishes monthly Android security bulletins, but the bootloader is vendor code rather than part of the Android Open Source Project, so fixes for these bugs have to come from the chipset vendors and device manufacturers and reach users through their firmware updates. Those fixes should be rolled out quickly to devices running current Android versions.

The full details are in the team's paper, “BootStomp: On the Security of Bootloaders in Mobile Devices” (USENIX Security 2017). The tool helps vendors find bugs of this kind early, before the devices ship.
