Kernel Backdoor found in Gadgets Powered by Popular Chinese ARM Maker

How to Hack an Android device?

It is possibly one of the most frequently asked questions on the Internet.

Although it’s not pretty simple to hack Android devices and gadgets, sometimes you just get lucky to find a backdoor access.

Thanks to Allwinner, a Chinese ARM system-on-a-chip maker, which has recently been caught shipping a version of Linux Kernel with an incredibly simple and easy-to-use built-in backdoor.

Chinese fabless semiconductor company

Allwinner

is a leading supplier of application processors that are used in many low-cost Android tablets, ARM-based PCs, set-top boxes, and other electronic devices worldwide.

Simple Backdoor Exploit to Hack Android Devices

All you need to do to gain root access of an affected Android device is…

Send the text “

rootmydevice

” to any undocumented debugging process.

The local privileges escalation 

backdoor code

for debugging ARM-powered Android devices managed to make its way in shipped firmware after firmware makers wrote their own kernel code underneath a custom Android build for their devices, though the mainstream kernel source is unaffected.

The backdoor code is believed to have been left by mistake by the authors after completing the debugging process.

For exploiting this issue, any process running with any UID can be converted into root easily by simply using the following command:

echo “rootmydevice” > /proc/sunxi_debug/sunxi_debug

The

Linux 3.4-sunxi kernel

was originally designed to support the Android operating system on Allwinner ARM for tablets, but later it was used to port Linux to many Allwinner processors on boards like Banana Pi micro-PCs, Orange Pi, and other devices.

At the

forum

of the Armbian operating system, a moderator who goes by the name Tkaiser

noted

that the backdoor code could remotely be exploitable

“if combined with networked services that might allow access to /proc.”

This security hole is currently present in every operating system image for A83T, H3 or H8 devices that rely on kernel 3.4, he added.

This blunder made by the company has been frustrating to many developers. Allwinner has also been less transparent about the backdoor code. David Manouchehri released the information about the backdoor through its own Github account (

Pastebin

) and then apparently deleted it.

from The Hacker News http://ift.tt/1QZQTWK

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s