Jump to content


Photo

[DANGER] Backdoor found in Allwinner Linux kernel. ALL Allwinner H3/A83T/H8 devices with "sunxi-3.4" kernel are vulnerable to privilege escalation


  • Please log in to reply
1 reply to this topic

#1 eriamjh

eriamjh

    Member

  • Members
  • PipPip
  • 24 posts

Posted 01 June 2016 - 05:54 PM

http://thehackernews...al-exploit.html

echo "rootmydevice" > /proc/sunxi_debug/sunxi_debug

Kernel Backdoor found in Gadgets Powered by Popular Chinese ARM Maker

Wednesday, May 11, 2016

 

Mohit Kumar

How to Hack an Android device?

It is possibly one of the most frequently asked questions on the Internet.

Although it's not pretty simple to hack Android devices and gadgets, sometimes you just get lucky to find a backdoor access.

Thanks to Allwinner, a Chinese ARM system-on-a-chip maker, which has recently been caught shipping a version of Linux Kernel with an incredibly simple and easy-to-use built-in backdoor.

Chinese fabless semiconductor company Allwinner is a leading supplier of application processors that are used in many low-cost Android tablets, ARM-based PCs, set-top boxes, and other electronic devices worldwide.

Simple Backdoor Exploit to Hack Android Devices

All you need to do to gain root access of an affected Android device is…

Send the text "rootmydevice" to any undocumented debugging process.

The local privileges escalation backdoor code for debugging ARM-powered Android devices managed to make its way in shipped firmware after firmware makers wrote their own kernel code underneath a custom Android build for their devices, though the mainstream kernel source is unaffected.

The backdoor code is believed to have been left by mistake by the authors after completing the debugging process.

For exploiting this issue, any process running with any UID can be converted into root easily by simply using the following command:

    echo "rootmydevice" > /proc/sunxi_debug/sunxi_debug

The Linux 3.4-sunxi kernel was originally designed to support the Android operating system on Allwinner ARM for tablets, but later it was used to port Linux to many Allwinner processors on boards like Banana Pi micro-PCs, Orange Pi, and other devices.

At the forum of the Armbian operating system, a moderator who goes by the name Tkaiser noted that the backdoor code could remotely be exploitable "if combined with networked services that might allow access to /proc."

This security hole is currently present in every operating system image for A83T, H3 or H8 devices that rely on kernel 3.4, he added.

This blunder made by the company has been frustrating to many developers. Allwinner has also been less transparent about the backdoor code. David Manouchehri released the information about the backdoor through its own Github account (Pastebin) and then apparently deleted it.

 

 



#2 youkee

youkee

    Advanced Member

  • Administrators
  • 237 posts

Posted 03 June 2016 - 03:52 AM

Yes, you are right, we heard this bug before.






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users