Back at the end of August 2016, independent researcher Jon Sawyer found that many Android devices in fact contain a backdoor. The problem, named Pork Explosion, stems from the fact that many manufacturers allow Foxconn to create and add its own code. The researcher discovered exactly such code in the OS bootloader, and it is not known whether this debug feature was placed there intentionally or left in by accident.
Sawyer writes that the debugging feature makes it possible to bypass the authentication procedure on a device that is switched on. However, to carry out such an attack a potential attacker needs physical access to the device: it must be connected to a PC via USB, and special software is needed to interact with the bootloader and call the debug function. In theory, that software would be Foxconn's own debugger, but the researcher managed to create his own version of the tool.
Test mode is entered through Fastboot. Sawyer writes that the command that activates the discovered backdoor is “reboot-ftm”, but it can only be sent to the device with custom software; sending it directly through the Android interfaces or the manufacturer's tools will not work.
“Although it identified a debug function, it’s also a real backdoor. This should not be in modern devices, and it is a symptom of negligence on the part of Foxconn,” writes the researcher.
In debug mode, the user gets root access, and SELinux, one of the main Android security mechanisms, is effectively disabled. The device can thus be compromised completely, without any authentication or authorization, simply by connecting it to a computer via USB. Sawyer writes that this functionality is a real gift for forensic examiners, who can use it to extract data, crack cryptographic keys and so on.
The analyst believes that the Pork Explosion backdoor can be found on many devices, but he does not have an exact list of affected manufacturers and models. Moreover, the researcher claims that the manufacturers are not even aware that the backdoor exists on their devices. To anyone who wants to look for the backdoor, Sawyer recommends looking for the “ftmboot” and “ftmdata” partitions, which are a sure sign of the vulnerability.
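The partition check Sawyer recommends can be automated for a fleet audit. The script below is an added example, not code from the article or from Sawyer. It assumes you have saved a partition-name listing from the device, for instance the `ls -l` output of its by-name block-device directory, whose path varies between devices. The sample listing is constructed.

```python
import re

# Partition names the article gives as signs of the backdoor.
INDICATORS = ("ftmboot", "ftmdata")

# Tail of an `ls -l` symlink line: "<name> -> <target>".
_SYMLINK = re.compile(r"(\S+)\s+->\s+(\S+)\s*$")


def parse_by_name(listing):
    """Map partition name -> block device (or None) from a by-name listing.

    Accepts `ls -l` symlink lines or a bare list of partition names.
    """
    partitions = {}
    for raw in listing.splitlines():
        line = raw.strip()
        if not line or line.startswith("total "):
            continue
        match = _SYMLINK.search(line)
        if match:
            partitions[match.group(1).lower()] = match.group(2)
        else:
            # Bare `ls` output: names only, target unknown.
            for name in line.split():
                partitions.setdefault(name.lower(), None)
    return partitions


def find_indicators(listing):
    """Return {indicator: block device or None} for indicators present."""
    parts = parse_by_name(listing)
    return {name: parts[name] for name in INDICATORS if name in parts}


# Constructed sample listing (not captured from a real device).
SAMPLE = """\
total 0
lrwxrwxrwx 1 root root 21 1970-01-01 00:00 boot -> /dev/block/mmcblk0p20
lrwxrwxrwx 1 root root 21 1970-01-01 00:00 ftmboot -> /dev/block/mmcblk0p31
lrwxrwxrwx 1 root root 21 1970-01-01 00:00 ftmdata -> /dev/block/mmcblk0p32
lrwxrwxrwx 1 root root 21 1970-01-01 00:00 userdata -> /dev/block/mmcblk0p40
"""

if __name__ == "__main__":
    hits = find_indicators(SAMPLE)
    for name, dev in hits.items():
        print(f"indicator partition {name} at {dev}")
    print("indicators found" if hits else "no ftmboot/ftmdata partitions listed")
```

An empty result only means the listing does not name these partitions; it does not show that the bootloader lacks the debug command.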