latest
Exploit Targets Qualcomm's EDL Mode, Affects Some Xiaomi, OnePlus, Nokia and other Devices
Qualcomm devices have an EDL mode, which as it turns out seems to be exploitable if you have the right tools released by the OEMs.
Devices with Qualcomm chipsets have a Primary Bootloader (PBL) which typically boots the Android system, but also houses an alternative boot mode known as EDL mode. EDL mode is Qualcomm's Emergency Download Mode and allows an Original Equipment Manufacturer (OEM) to force flash software on a device. This cannot be modified (read-only mode) and has full control over the device's storage. Many OEMs including OnePlus and Xiaomi have released tools (known as programmers) which utilize EDL mode and a protocol known as Firehose to unbrick a device, while other tools from companies such as Nokia have leaked. Firehose can utilize a number of commands to flash devices, along with the ability to examine the data within a device's memory. Security researchers Roee Hay (@roeehay) and Noam Hadad from Aleph Research have discovered critical device vulnerabilities using this mode, which effectively grants an attacker full device access.