Potential vulnerability in Qualcomm CPUs?

dawheat (Diamond Member, Sep 14, 2000)
http://forum.xda-developers.com/showpost.php?p=54653565&postcount=1278

These attached docs are from a guy who is a well known developer, presenting at Black Hat 2014.

Honestly I don't understand the amount of risk here - it seems like he identified a theoretical vulnerability that he wasn't actually able to do anything damaging with. Can anyone with more knowledge help explain the importance and actual risk that he's identified?

<edit> He unlocked the bootloader of a Moto X live on stage - guess his statement about Moto vs Samsung secure boot was actually in favor of how Samsung does it.

Some other tweets also seem to imply this vulnerability can be used to unlock the bootloader of some/most HTC and Moto phones, but not Samsung for some reason (Knox?)

Would appreciate any insights from folks here.

Ravynmagi (Diamond Member, Jun 16, 2007)
Unlocking the bootloader is pretty much what every modder tries to accomplish on every phone and usually finds some vulnerability to accomplish it. For the end user, this is good, it allows them to install custom ROMs and replace the stock image.

Manufacturers lock the bootloader to prevent users from doing this, because they want to lock you into their customized version of Android, often with carrier and their own bloat.

I don't know how unlocking the boot loader normally works. Though each phone usually requires its own bootloader unlock method. So if someone has found a vulnerability in all Qualcomm CPUs that allows for unlocking large numbers of phones with a single vulnerability, that sounds quite big. And I think that's mostly good news for end users and bad news for manufacturers that try so hard to keep us from modding our phones.

Raduque (Lifer, Aug 22, 2004)
It's cute how you think locked bootloaders are to stop you from uninstalling Verizon Navigator and changing the status bar icons.

dawheat (Diamond Member, Sep 14, 2000)
Hmm if that's all it is, then what's the advantage for users? I have root on my AT&T Note 3 with a locked bootloader and can use Safestrap to install any custom ROM I want. Sure it's maybe not as easy as the T-mobile Note 3, but I don't feel like I'm missing anything with a locked bootloader.

Ravynmagi (Diamond Member, Jun 16, 2007)
> It's cute how you think locked bootloaders are to stop you from uninstalling Verizon Navigator and changing the status bar icons.

*sigh* I was about to explain that obviously people could still root tablets with locked bootloaders. But I was trying to keep the message short and assumed that side explanation wasn't necessary here.

Apparently it's necessary. Yes, you can root tablets with locked bootloaders and remove or freeze a lot of bloatware with something like Titanium. However there are still many changes made by the manufacturer and even carriers sometimes that go deeper than just removing some apps. And for modders it's good to be able to load a custom ROM and get an experience they can configure better to their liking and free of the heavy customizations they don't like.

Mopetar (Diamond Member, Jan 31, 2011)
After reading the paper, it appears as though only a limited amount of data can be written to secure memory, and that it can't be used for arbitrary code execution. However, it does look like it can be used to steal keys.

I wouldn't be too worried about it though as the exploit was released last year and has been patched (at least for some of the affected devices) based on a quick Google search.

Ravynmagi (Diamond Member, Jun 16, 2007)
> Hmm if that's all it is, then what's the advantage for users? I have root on my AT&T Note 3 with a locked bootloader and can use Safestrap to install any custom ROM I want. Sure it's maybe not as easy as the T-mobile Note 3, but I don't feel like I'm missing anything with a locked bootloader.

I haven't needed to resort to using Safestrap on any of my devices since I've been able to unlock the bootloader and install custom ROMs normally. So I don't know the pros and cons of Safestrap other than I think it leaves the stock OS intact and creates another partition for the custom ROM. At the very least that's eating some internal space. But I suppose that's an acceptable solution. Ideally though I think a custom ROM would be ideal, and being able to install a custom bootloader is nice too for easily installing updates.

Plenty of choices. Manufacturers lock it. I never implied they lock it for a good reason. :p