October 22nd, 2024

Attacking the Samsung Galaxy A* Boot Chain

Quarkslab's research revealed vulnerabilities in Samsung Galaxy A devices, enabling code execution, root access, and sensitive data leaks. The findings were presented at BlackHat USA 2024, with exploits available on GitHub.

Quarkslab's recent research has uncovered multiple vulnerabilities in the boot chain of several Samsung devices, particularly the Galaxy A225F. These vulnerabilities allow for code execution in the bootloader, root access on Android with persistence, and the potential to leak sensitive information from the Secure World, including Android Keystore keys. The vulnerabilities identified include a heap overflow in the Little Kernel, which can be exploited to execute code persistently, and an authentication bypass in the Odin recovery system that allows unauthorized flashing of partitions. Additionally, two vulnerabilities in the Secure Monitor enable the reading of out-of-bounds memory and mapping of arbitrary physical memory, facilitating the extraction of sensitive data. The research was presented at BlackHat USA 2024, and proof-of-concept exploits for these vulnerabilities have been made available on GitHub. The findings indicate that many Samsung devices using Mediatek SoCs may be affected by these vulnerabilities, highlighting significant security concerns for users.

- Quarkslab discovered vulnerabilities in Samsung Galaxy A devices, allowing code execution and root access.

- The vulnerabilities include a heap overflow in the Little Kernel bootloader and an authentication bypass in the Odin recovery system.

- Exploits can leak sensitive data from the Secure World, including Android Keystore keys.

- The research was presented at BlackHat USA 2024, with proof-of-concept code available on GitHub.

- Many Samsung devices with Mediatek SoCs may be vulnerable to these issues.

3 comments
By @mdaniel - 3 months
> Samsung added a custom JPEG parser in Little Kernel that is used to show logos and error messages while booting. The code responsible for loading the JPEG file will place it in a fixed-size structure on the heap. But it never checks the size of the file, causing a heap overflow.

Heh, file format parsers - the GIFt that just keeps on giving

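The bug class quoted above, as an added illustration (hypothetical C, not Samsung's Little Kernel code): a boot-logo loader that copies a JPEG blob into a fixed-size heap structure, shown first without the length check and then with it. The structure name, its capacity and the helper names are assumptions.

```c
/* Hypothetical logo loader illustrating the unchecked-size heap overflow
 * pattern and its fix. Not Samsung's LK source; names and sizes are assumed. */
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define LOGO_MAX_BYTES 4096  /* assumed fixed capacity of the heap slot */

struct logo_buf {
    uint32_t len;
    uint8_t data[LOGO_MAX_BYTES];
};

/* Vulnerable pattern: the file length read from the partition is trusted,
 * so a file larger than LOGO_MAX_BYTES overruns the heap allocation.
 * Shown only to make the missing check visible; never call it on untrusted input. */
struct logo_buf *load_logo_unchecked(const uint8_t *file, uint32_t file_len)
{
    struct logo_buf *logo = malloc(sizeof(*logo));
    if (!logo) return NULL;
    logo->len = file_len;
    memcpy(logo->data, file, file_len);   /* heap overflow when file_len > LOGO_MAX_BYTES */
    return logo;
}

/* Hardened loader: bound the length before the copy, and require the JPEG
 * start-of-image marker (FF D8) so a non-JPEG blob is rejected up front. */
struct logo_buf *load_logo_checked(const uint8_t *file, uint32_t file_len)
{
    if (file == NULL || file_len < 2 || file_len > LOGO_MAX_BYTES)
        return NULL;
    if (file[0] != 0xFF || file[1] != 0xD8)
        return NULL;
    struct logo_buf *logo = malloc(sizeof(*logo));
    if (!logo) return NULL;
    logo->len = file_len;
    memcpy(logo->data, file, file_len);   /* file_len is now provably <= capacity */
    return logo;
}

/* Constructed sample inputs exercising the accept and reject paths. */
int demo_fits(void)
{
    uint8_t small[16] = {0xFF, 0xD8, 0xFF, 0xE0};   /* constructed JPEG-like header */
    struct logo_buf *l = load_logo_checked(small, sizeof small);
    int ok = (l != NULL && l->len == 16 && l->data[1] == 0xD8);
    free(l);
    return ok;
}

int demo_oversized_rejected(void)
{
    uint8_t big[LOGO_MAX_BYTES + 1];                /* one byte past capacity */
    memset(big, 0, sizeof big);
    big[0] = 0xFF; big[1] = 0xD8;
    return load_logo_checked(big, sizeof big) == NULL;
}
```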
By @daghamm - 3 months
Are Samsung's "contributions" to LK public? Has nobody reviewed those until now?

The early boot chain components are critical to the security of the device. I am extremely surprised Samsung let a complete noob add code to it.

By @ragu4u - 3 months
So I guess this is where Widevine keys and whatnot are stored? Perhaps this is how the piracy scene gets 4K rips.