Qualcomm Security Exploit Demonstrated at Blackhat Conference
The annual Blackhat conference, now in its 17th year, took place in Las Vegas last week. The conference is an assembly of security-focused individuals at which a number of devices such as home automation systems, smart cars, etc are hacked, in addition to a line up of speakers discussing information security. This year’s event turned out to be rather momentous with the SilentCircle’s Blackphone being rooted by XDA Senior Recognized Developer jcase. Another interesting development was Dan Rosenberg’s discussion, which popped up on the speakers list as ““including a live demonstration of using it to permanently unlock the bootloader of a major Android phone,”.
As it turned out, Dan Rosenberg, also known as XDA Recognized Developer DJRBliss, published a report which detailed a security vulnerability in ARM’s TrustZone, which is used by Qualcomm as a security layer on its Snapdragon line of processors. Rosenberg stated that this vulnerability existed on all Android devices that supported TrustZone and used a Snapdragon SoC, except the Samsung Galaxy S5 and HTC One M8, both of which have already been patched. He demonstrated his claim by unlocking a Moto X bootloader on stage, going on to say that a number of devices including Nexus 4 and Nexus 5, LG G2, Samsung Galaxy Note 3 were vulnerable.
While this is a notable discovery, it poses no immediate threat since Rosenberg did not release his exploit to the public, which allows manufacturers to patch it before any serious damage is done. Have a look at his full report in this summary image.