Page 54 - Cyber Defense eMagazine - September 2017
Functionality
Although this work could be considered ethereal and academic in nature, it has turned into a full-fledged application. In one test, the researchers identified seven security issues. Six of these were new and one had already been acknowledged as CVE-2014-9798. Of the six new issues, five had been acknowledged by the bootloader vendors (Cimpanu, 2017; Brenner, 2017; Redini, Machiry, Das, Fratantonio, Bianchi, Gustafson, Shoshitaishvili, Kruegel, & Vigna, 2017). These vulnerabilities may give an attacker the opportunity to carry out permanent DoS attacks, to gain root rights, which would then allow the OS to be unlocked and the CoT to be breached, and to insert the attacker’s arbitrary code (Cimpanu, 2017; Brenner, 2017).
This does not apply to all manufacturers. To date, it affects the Huawei/HiSilicon chipset (Huawei P8 ALE-L23), the NVIDIA Tegra chipset (Nexus 9), the MediaTek chipset (Sony Xperia XA), and Qualcomm’s new and old LK bootloader (Brenner, 2017). The previously noted issue was related to the Qualcomm LK bootloader that was previously used.
Availability
The tool is available on GitHub in the repository (https://github.com/ucsb-seclab/BootStomp, https://github.com/ucsb-seclab/BootStomp/blob/master/README.md, https://github.com/ucsb-seclab/BootStomp/tree/master/tools, https://github.com/ucsb-seclab/BootStomp/tree/master/tools/huawei_tools).
Evaluations for the Huawei, Nexus, Qualcomm, and Xperia chips are located at https://github.com/ucsb-seclab/BootStomp/tree/master/evaluation.
A review of the reports shows that the tool provides a plethora of data and information. As an example, the tool has a full and thorough analysis of the Huawei bootloader (https://github.com/ucsb-seclab/BootStomp/blob/master/evaluation/huawei_p8/taint_analysis.txt) for review. These reports note the issues present, along with where they are located. This tool may not be a panacea, but it is exceptional for testing hardware modules which have these and potentially other chips.
Resources
Brenner, B. (2017, September 6). Fur flies over Android bootloader flaws: Here’s what you need to know. Retrieved from https://nakedsecurity.sophos.com/2017/09/06/fur-flies-over-android-bootloader-flaws-heres-what-you-need-to-know/
Cimpanu, C. (2017, September 2). Vulnerabilities discovered in mobile bootloaders of major vendors. Retrieved from https://www.bleepingcomputer.com/news/security/vulnerabilities-discovered-in-mobile-bootloaders-of-major-vendors/
Pentestit. (2017, August 1). Bootstomp: Find mobile device bootloader vulnerabilities. Retrieved from http://pentestit.com/bootstomp-find-mobile-device-bootloader-vulnerabilities/
Copyright © Cyber Defense Magazine, All rights reserved worldwide.