Backdoor dubbed Pork Explosion lets attackers go hog wild on Android phones

Backdoor dubbed Pork Explosion lets attackers go hog wild on Android phones
Credit: Wikipedia

A backdoor in Android firmware provided by manufacturer Foxconn allows attackers to root devices to which they have physical access, according to a security researcher and barbecue enthusiast who dubbed the vulnerability Pork Explosion.

Jon Sawyer (who also goes by jcase online) discovered the vulnerability at the end of August, and publicized it on his blog on Wednesday, a day after smartphone vendor Nextbit, which was one of the most heavily affected OEMs, released a fix for the problem.

+ALSO ON NETWORK WORLD: Hardcore fans mourn the death of Nexus by denouncing the Pixel + Darkweb marketplaces can get you more than just spam and phish

According to Sawyer, Pork Explosion allows attackers that have physical access to an affected device to gain a root shell. The heart of the problem is a rogue fastboot command, which bypasses every authentication and security measure present and reboots the phone into a factory test mode.

Simply put, Sawyer said, this is a method that allows attackers to completely compromise an affected device over a USB connection, providing full access to the device’s data and offering the ability to unlock the bootloader without modifying user data.

“While it is obviously a debugging feature, it is a backdoor,” he wrote. “It isn’t something we should see in modern devices, and it is a sign of great neglect on Foxconn’s part.”

Not every Foxconn-made phone is affected – only those that use Foxconn’s own firmware. Sawyer said that vendors InFocus and Nextbit were definitely affected, and it’s probable that “many more” also have vulnerable devices.

Sawyer’s blog post also describes how to check whether a device is vulnerable to Pork Explosion, which requires a look at the Android internal partition table.

This story, "Backdoor dubbed Pork Explosion lets attackers go hog wild on Android phones" was originally published by Network World.

To comment on this article and other CIO content, visit us on Facebook, LinkedIn or Twitter.
Download the CIO Nov/Dec 2016 Digital Magazine
Notice to our Readers
We're now using social media to take your comments and feedback. Learn more about this here.