Uncategorized

Aleph Security: Secure Boot vuln in Qualcomm OnePlus 2

OnePlus 2 Lack of SBL1 Validation Broken Secure Boot
Aleph Research Advisory
CVE-2017-11105

OnePlus 2 (a 2015 Qualcomm Snapdragon 810 device) successfully boots with a tampered Secondary Bootloader (sbl1) partition although it is digitally-signed, hence it is not validated by its Primary Bootloader (PBL), maybe due to lenient hardware configuration. Attackers capable of tampering with the sbl1 partition can then disable the signature validation of the rest of the bootloader chain and other SBL-validated partitions such as TrustZone and ABOOT.[…]

https://alephsecurity.com/vulns/aleph-2017026
https://alephsecurity.com/2017/05/11/oneplus-ota/
https://oneplus.net/
https://nvd.nist.gov/vuln/detail/CVE-2016-10370
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8850
https://github.com/OnePlusOSS
https://oneplus.net/2/oxygenos

 

 

Standard

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s