Pork Explosion: Foxconn Firmware Flaw Leaves Android Devices Vulnerable To USB Hack

Android smartphones with firmware created by the Taiwanese manufacturing company Foxconn are vulnerable to hacking due to a flaw called Pork Explosion. The flaw allows hackers to use a debugging feature left inside the operating system bootloader to get total control of the victim’s Android smartphone.

The backdoor was discovered by US security expert Jon Sawyer, who dubbed it Pork Explosion, and noted that the flaw can be exploited by connecting an Android smartphone via USB to a computer with appropriate software for interacting with the phone during its boot-up procedure.

The flaw exists because of a backdoor left open by Foxconn engineers. During the manufacturing process, a smartphone normally contains many backdoors that give engineers shortcuts for implementing various features. Sometimes companies forget to close these backdoors, while other times they leave them open for further exploitation.

One such backdoor is the debugger function left open by Foxconn. Potential hackers can exploit it to put a connected Android smartphone into its factory test mode. Once this is achieved, the hacker can gain complete control over the smartphone, as the factory test mode bypasses the SELinux Android security control, giving hackers complete access to the smartphone without any need for authentication.

“Due to the ability to get a root shell on a password protected or encrypted device, Pork Explosion would be of value for forensic data extraction, brute forcing encryption keys, or unlocking the boot loader of a device without resetting user data. Phone vendors were unaware this backdoor has been placed into their products,” said Sawyer.

“In short, this is a full compromise over USB, which requires no logon access to the device. This vulnerability completely bypasses authentication and authorization controls on the device. It is a prime target for forensic data extraction.

“While it is obviously a debugging feature, it is a backdoor, it isn’t something we should see in modern devices, and it is a sign of great neglect on Foxconn’s part.” Foxconn provides manufacturing services to a huge number of Android devices so

Foxconn doesn’t make Android smartphones, but many top Android smartphone manufacturers use its manufacturing services to make their smartphones. This makes a lot of Android smartphones vulnerable to hacking with the Pork Explosion flaw.

To mitigate the vulnerability, Sawyer recommends that Android smartphone owners take the following action. “For those looking to detect vulnerable devices, you can check for the partitions ‘ftmboot’ and ‘ftmdata’. The ‘ftmboot’ partition contains a traditional Android kernel/ramdisk image. This one has SELinux disabled, and adb running as root. The ‘ftmdata’ partition is mounted on /data during ftm bootmode. These partitions are only a sign that the device is vulnerable.”
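The partition check Sawyer describes can be scripted for fleet or intake audits. The following is an added example, not code from Sawyer or from the original article: it assumes the partition names come from an `ls -l` listing of the device's by-name block directory and the mount table from `/proc/mounts`, and both sample inputs are constructed. As the quote says, a match is only a sign that the device may be vulnerable.

```python
import re

FTM_PARTITIONS = {"ftmboot", "ftmdata"}  # names given in Sawyer's detection note

# Constructed sample: `ls -l` of a by-name partition directory (assumed source).
SAMPLE_BY_NAME = """\
lrwxrwxrwx 1 root root 21 1970-01-01 00:00 boot -> /dev/block/mmcblk0p20
lrwxrwxrwx 1 root root 21 1970-01-01 00:00 ftmboot -> /dev/block/mmcblk0p31
lrwxrwxrwx 1 root root 21 1970-01-01 00:00 ftmdata -> /dev/block/mmcblk0p32
lrwxrwxrwx 1 root root 21 1970-01-01 00:00 userdata -> /dev/block/mmcblk0p40
"""
# Constructed sample: /proc/mounts as it might look in ftm bootmode.
SAMPLE_MOUNTS_FTM = """\
rootfs / rootfs ro,seclabel 0 0
/dev/block/mmcblk0p32 /data ext4 rw,nosuid,nodev 0 0
"""

def parse_by_name(listing):
    """Map partition name -> block device from `ls -l` symlink lines."""
    parts = {}
    for line in listing.splitlines():
        m = re.search(r"(\S+)\s+->\s+(\S+)\s*$", line)
        if m:
            parts[m.group(1)] = m.group(2)
    return parts

def data_mount_source(mounts):
    """Return the device mounted on /data (last matching entry wins), or None."""
    src = None
    for line in mounts.splitlines():
        fields = line.split()
        if len(fields) >= 2 and fields[1] == "/data":
            src = fields[0]
    return src

def check_device(listing, mounts=""):
    """Report ftm partitions present and whether /data is backed by ftmdata."""
    parts = parse_by_name(listing)
    found = {n.lower(): d for n, d in parts.items() if n.lower() in FTM_PARTITIONS}
    src = data_mount_source(mounts)
    # /data may be mounted via the by-name symlink or via its target device.
    in_ftm = "ftmdata" in found and src is not None and (
        src == found["ftmdata"] or src.rsplit("/", 1)[-1].lower() == "ftmdata")
    return {"ftm_partitions": found, "indicator": bool(found), "ftm_bootmode": in_ftm}

if __name__ == "__main__":
    print(check_device(SAMPLE_BY_NAME, SAMPLE_MOUNTS_FTM))
```

A result with `ftm_bootmode` set means `/data` is currently backed by `ftmdata`, which per the quote happens only in ftm bootmode, so that device should be treated as running the factory image rather than its normal system.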