Computer scientists recently discussed several vulnerabilities that were discovered in Android bootloaders using the BootStomp tool. How do Android bootloaders work, and what are the risks of the vulnerabilities?
Android bootloaders work similarly to a BIOS on a PC, as they enable the phone to look for a boot device and start up from it. Bootloaders also enable users to reset their device, unlock the bootloader and put the bootloader in fastboot mode to enable files to be sent from a computer -- typically to flash different official firmware or recoveries.
Vulnerabilities are typically caused when the device's bootloader is unlocked, as an unlocked bootloader enables the user to make many different changes to the device that the OEM would not typically allow. This can include flashing custom ROMs, sideloading programs, flashing recoveries and modifying system elements.
Most OEMs won't honor devices with problems if their bootloaders are unlocked, since a locked bootloader usually provides better protection against vulnerabilities. These vulnerabilities can prevent the device from booting up, keep programs from operating properly and alter the device's actions.
Unlocked bootloader impacts users
Unlocking a bootloader is not something a standard user would do. Even fewer people have root access, which some of these vulnerabilities require. These exploits would somehow need to gain root access to the Android device to make changes, and they could be devastating if that access is obtained.
There could be some cases of consumers buying used devices like phones that come with an unlocked bootloader or that have been rooted, but those instances are rare. These exploits could possibly unlock the bootloader themselves, but this action would most likely require a reboot to do so.
The best way to stay safe from these vulnerabilities is to only install apps that you trust and to make sure that you know what apps you're giving administrative access to on an Android device.
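As an added example (not part of the original answer), here is a Python check for the used-device case described above: it audits the text of `adb shell getprop` for bootloader lock and verified boot state. The sample output is constructed, and the property names are standard Android boot properties that are assumed to be present; not every OEM exposes all of them.

```python
import re

# Constructed sample of `adb shell getprop` output (not captured from a real device).
SAMPLE_GETPROP = """\
[ro.boot.flash.locked]: [0]
[ro.boot.vbmeta.device_state]: [unlocked]
[ro.boot.verifiedbootstate]: [orange]
[ro.build.tags]: [test-keys]
[ro.debuggable]: [1]
[ro.product.model]: [ExamplePhone]
"""

PROP_LINE = re.compile(r"^\[([^\]]+)\]:\s*\[(.*)\]\s*$")

# property -> (value assumed on a locked, stock device; meaning of a mismatch)
EXPECTED = {
    "ro.boot.flash.locked": ("1", "bootloader reports unlocked"),
    "ro.boot.vbmeta.device_state": ("locked", "verified boot device state is not locked"),
    "ro.boot.verifiedbootstate": ("green", "boot chain not verified against the OEM key"),
    "ro.build.tags": ("release-keys", "build not signed with release keys"),
    "ro.debuggable": ("0", "debuggable build, adb can run as root"),
}

def parse_getprop(text):
    """Parse '[key]: [value]' lines into a dict, skipping anything else."""
    props = {}
    for line in text.splitlines():
        m = PROP_LINE.match(line.strip())
        if m:
            props[m.group(1)] = m.group(2)
    return props

def audit(text):
    """Return (findings, missing) for a getprop dump."""
    props = parse_getprop(text)
    findings, missing = [], []
    for name, (want, meaning) in EXPECTED.items():
        if name not in props:
            missing.append(name)  # absent is not the same as safe
        elif props[name] != want:
            findings.append(f"{name}={props[name]}: {meaning}")
    return findings, missing

if __name__ == "__main__":
    findings, missing = audit(SAMPLE_GETPROP)
    for item in findings:
        print("FINDING", item)
    for name in missing:
        print("UNKNOWN", name, "not reported by this device")
```

A property the device does not report is listed as unknown rather than treated as a pass, since the set of exposed properties varies by vendor.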
Ask the expert:
Want to ask Kevin Beaver a question about security? Submit your question now via email. (All questions are anonymous.)