Qualcomm Issues Statement on Dan Rosenberg’s TrustZone Vulnerability

Yesterday, we reported on a security vulnerability that Dan Rosenberg had discovered, which affected “almost all” devices running Qualcomm Snapdragon processors. The vulnerability was discovered in ARM’s TrustZone, a system-wide security technology that Qualcomm uses in its mobile processors. If skilled enough, someone could use the vulnerability to “compromise DRM schemes, leak sensitive key materials, defeat operating system protection mechanisms, and in some cases manipulate software-programmable fuse to defeat secure boot.” As we mentioned yesterday, that could include unlocking the bootloader of a phone.

At the time of Dan’s findings, all devices running Qualcomm chipsets were vulnerable, but the company has since been made aware and has already taken steps to have it patched. Dan even noted that the Galaxy S5 and HTC One (M8) had already been patched.

Dan Rosenberg Unlocks Moto X Bootloader, Says Almost All Snapdragon Devices are Vulnerable (Updated)

The Black Hat 2014 conference is taking place this week in Las Vegas, and Dan Rosenberg, the man responsible for exposing numerous security exploits on Android devices, is speaking at it. You may recall his previous work that unlocked the bootloader of a number of Motorola DROID devices, something that developers had attempted for years without success.

When Rosenberg (@djrbliss) first popped up on the list of Black Hat conference speakers with a topic that was to conclude by discussing an unpublished security exploit “including a live demonstration of using it to permanently unlock the bootloader of a major Android phone,” we were certainly interested. His talk happened last night, and according to those at the conference, he successfully unlocked the bootloader of the Moto X on stage.

Dan Rosenberg Appears to Have Conquered Verizon’s Galaxy S4 Bootloader, Boots Custom Recovery

A couple of weeks ago, Dan Rosenberg announced that he had unlocked the bootloader of the AT&T Samsung Galaxy S4, but that he wouldn’t release his method until Verizon’s variant was also out in case they tried to patch it. With Big Red’s version arriving on the doorsteps of those who pre-ordered, Dan had a chance to test his method thanks to a “helpful tester” and came out successful. According to a tweet sent by Dan this morning, he successfully booted a custom recovery onto the Verizon version of the device and is looking forward to a release.

Motorola RAZR HD, RAZR M, and Atrix HD Bootloader Unlock Released (Updated)

Yesterday, news broke that Dan Rosenberg (@djrbliss) had unlocked bootloaders for a handful of Motorola devices including the DROID RAZR HD, RAZR MAXX HD, RAZR M, and Atrix HD, all of which are powered by Qualcomm chipsets. Today, he has released that same unlock tool so that you can free your phone from Motorola and Verizon’s clutches.

We should point out that you cannot re-lock the phone after using this tool (at this point), and it does indeed void your warranty. Also, Motorola can more than likely patch this in a software update, so you may want to weigh your options here before long. It’s risky from a warranty and replacement standpoint to say the least. As always, proceed with caution.

You definitely need to be rooted ahead of time, prior to using this tool. For those with a RAZR HD running Android 4.1.2 (the newest update), root has not been gained yet so you are out of luck for now. I can’t imagine that this won’t ever be rooted, but again as of today, there is no root method.

Update: Dan released a root method for Android 4.1.2 that can be found here.

As we mentioned yesterday, this method does not work on OMAP powered phones, including the original RAZR, Bionic, and DROID 4. Do not attempt to use this on any of those phones.

Below, we have the basic instructions and notes from Dan.