Snapdragon Devices are Vulnerable

8/11/2019 Snapdragon Devices are Vulnerable

1/12

12/8/2014 Dan Rosenberg Unlocks Moto X Bootloader, Says Almost All Snapdragon Devices are Vulnerable (Updated) | Droid Life

http://www.droid-life.com/2014/08/07/moto-x-bootloader-unlock-qualcomm/ 1/12

by Kellex on Aug 7, 2014

Dan Rosenberg Unlocks Moto X Bootloader,

Snapdragon Devices are Vulnerable (U

PREVIOUS STORY

T-Mobile Overtakes Sprint as

#1 Prepaid Wireless Provider

NEXT STORY

SEGAs Crazy Taxi City Rush

Hits Android, Free to

Download

Topics Show Store Tip Us
http://www.droid-life.com/contact/http://store.droid-life.com/http://www.droid-life.com/show/http://www.droid-life.com/http://www.droid-life.com/2014/08/07/segas-crazy-taxi-city-rush-hits-android-free-to-download/http://www.droid-life.com/2014/08/07/t-mobile-overtakes-sprint-as-1-prepaid-wireless-provider/http://www.droid-life.com/author/kellex/


2/12



The Blackhat 2014conference is taking place this week in Las Vegas, a

conference which Dan Rosenberg, the man responsible for exposing numerous

security exploits on Android devices, is speaking at. You may recall his previous

work that unlocked the bootloader of a number of Motorola DROID devices,

something that developers had attempted for years to try and accomplish

without success.

When Rosenberg (@djrbliss) first popped up on the list of Blackhatconference

speakers with a topic that was to conclude by discussing an unpublished

security exploit including a live demonstration of using it to permanently unlock

the bootloader of a major Android phone, we were certainly interested. His talk

happened last night, and according to those at the conference, he successfully

unlocked the bootloader of the Moto Xon stage.

The security vulnerability was discovered in ARMs TrustZone, which Qualcomm uses as a

on devices using its Snapdragon processors. According to Rosenberg, this vulnerability exi
http://www.droid-life.com/tag/moto-xhttps://twitter.com/djrblisshttp://www.droid-life.com/2013/04/08/motorola-razr-hd-razr-m-and-atrix-hd-bootloader-unlock-released/http://www.droid-life.com/tag/dan-rosenberg


3/12



that support TrustZone and utilize a Qualcomm Snapdragon SoC. Well, except for the Gal

which have been patched. Rosenberg also notes in a written report about the exploit that

patched by now through software updates. He first wrote this report up on July 1, but is on

As for the Moto X being used to demonstrate his findings, this could mean that Motorola

have seen a number of updates arrive for Motorola devices within the last few weeks, most

level.

Other vulnerable devices specifically noted in this report include the Galaxy S4, Galaxy Not

original HTC One (M7).

So what does this mean for the future of unlocking your current phone? Well, it could mea

wrote up his report on July 1, so manufacturers could have (likely have) seen it already. Sin

One (M8) have been patched, it could mean that others will be patched (if they havent beealso need to Dan to release the full exploit and method, which I do not believe he has done,

how it works. I sort of doubt that he is going to put together a 1-click button for making th

other developers to take his findings and make some magic happen.

His report has been posted here.

Update: Qualcomm reached out to us with the following statement

Qualcomm Technologies takes the security of its products very seriously and invests t

vulnerabilities in our software before its made available to customers. Were aware of th

available software updates for our impacted customers to address the reported vulnera
http://i.imgur.com/TXKDpOI.png


4/12



103 Comments

Greg Morgan

The man isa magician...

josuearisty

Anybody tried this for droid ultra?

Nathan Borup

He hasn't actually released an easy way to unlock. To do what Dan did, you

HarvesterX

Having an unlocked bootloader is a PLUS...Lol

PREVIOUS STORY

T-Mobile Overtakes Sprint as #1 Prepaid Wireless

Provider

NEX

SEGAs Crazy Taxi City

Do
http://disqus.com/josuearisty/http://www.droid-life.com/2014/08/07/segas-crazy-taxi-city-rush-hits-android-free-to-download/http://www.droid-life.com/2014/08/07/t-mobile-overtakes-sprint-as-1-prepaid-wireless-provider/http://disqus.com/harvesterx/http://disqus.com/nathanborup/http://disqus.com/josuearisty/http://disqus.com/gmorgan056/http://adclick.g.doubleclick.net/aclk?sa=L&ai=BN2sNRsnpU6DXGcr99QXo6YHQDgAAAAAQASAAOABQ55qu-Pz_____AViHz_AbYKWoqoCoAYIBCWNhLWdvb2dsZbIBEnd3dy5kcm9pZC1saWZlLmNvbcgBAqgDAeAEApoFGQjcvVAQiOaVNBij4eOGASCHz_AbKJTnyQHaBQIIAaAGPuAGlOfJAQ&num=0&sig=AOD64_2tFFJvZ_hSHRVGngVMSUn-wNnErw&client=&adurl=http://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCK2nfRcnpU-XeKYLN9AX-5oCIDJKx-4cFsq6B8KoBwI23ARABIABQgMfhxARgpaiqgKgBggEXY2EtcHViLTUwMzI0NDQ3MzI2OTg3MzbIAQmpAmE05AX8Da8-4AIAqAMBmAQAqgTLAU_QXpS8-CNnV-ScQV82Rik4o89MN5vWIGWs6GZyIdTD-1lWcGaEAs4ZyocE1TV6ndWs41rj9HBCWB9yWyaoZZFylK9YHL5sUo3-HhGLITdgp4Ta3fOOO9pf6OsKTPdAV5U4YHKmlsyL4kEaCb2CSzeLfdz79b43-XbWrFlsBvShfRPftjJj1dFeAUWnDM8lALA4gaGVkPWCS-heqRF7PsLREV_qf3E2rrVDb9QDh8Zwr90qXzcuYTuA1LCsbbEHM1MKAHPNcctxBND24AQBgAb5oZO4iJ2Q2IABoAYh%26num%3D1%26sig%3DAOD64_2zmILx_XYwxGEDjICnr7o5LZ9ruA%26client%3Dca-pub-5032444732698736%26adurl%3Dhttp://www.optus.com.au/shop/mobilephones/my-plan%253FCID%253Ddis:con:aod:LMY:awa:BYO::::%2526utm_source%253Daod%2526utm_medium%253Ddis%2526utm_campaign%253Ddis_LMY_awa%2526utm_content%253D


5/12



Guest

One more reason to go with IPhone, their bootloader's are fully secured in addition

MJ

Good try troll...get a job and a life.

Nathan Borup

whoa what happened here??

MJ

You new to the Internet? Don't know what trolling is?

Nathan Borup

You don't get it... look at this pic

http://i1092.photobucket.com/a...

MJ

What pic?

Nathan Borup

Maybe its not showing anymore ... I took a screenshot of what I saw.

Tillmorn

My vote is glitch. Guest is a pretty well-known troll on Droid Life.

Rob Dallara

that damn 'Guest' u is ever where!
http://disqus.com/robdallara/http://disqus.com/tillmorn/http://disqus.com/nathanborup/http://disqus.com/nathanborup/http://disqus.com/nathanborup/http://i1092.photobucket.com/albums/i403/underdog1799/troll.png


6/12


http://www.droid- li fe.com/2014/08/07/moto-x-bootloader-unlock-qualcomm/ 6/12

dazeone

Jail breaking an iPhone has been done on every iPhone. IPhone is just as v

a way.

iPhones suck

You can't hack an iPhone, just asked the 20 something celebrities that have

phones, i.e. naked scarlet johanson

iPhone's suck

Wish I had that iphone hack, would love to see alison brie's pictures

Nathan Borup

Seriously... he told everyone that he was done with the Moto X

Justtyn Hutcheson

This exploit reaches far, far beyond that little guy. So, he wasn't working on

as the best known, previously-uncracked bootloader. Motorola was renown

nigh-impenetrable bootloaders, and with the exception of the Qualcomm-ba

So by showing off on a Motorola device, the credibility of the exploit existingincreased, as any exploits are unlikely to be found in Motorola's proprietary

Nathan Borup

Yeah, I understand this. I just thought it was funny he used a moto X

Just give us the friggen option. If you want to void our warranties, that's fine.

stang68

I just want to easily root my Verizon Moto X...

Nathan Borup

In case you are $45 desperate... I'll just leave this here. http://forum.xda-developersI did this to my phone and have not regretted it since

But now that a bootloader unlock exploit came out, you might want to be a little pati
http://disqus.com/robdallara/http://disqus.com/nathanborup/http://disqus.com/stang68/http://disqus.com/nathanborup/http://disqus.com/justtynhutcheson/http://disqus.com/nathanborup/http://disqus.com/robdallara/http://forum.xda-developers.com/moto-x/general/china-middleman-t2751177


7/12



funnyfarm299

What about those that have a 2013 build?

sirmipsalot

If you can easily unlock the bootloader, then you *can* easily root it.

stang68

Yes, let's hope he releases it!

tyguy829

Not that I'm encouraging verizon's terrible and hostile practices, but why didn't you

stang68

Couldn't pay the (I think) $600 it was at the time.

Gr8Ray

Also, it's an ugly phone.

C-Law No sir

Nathan Borup

Look into Pie root

Justtyn Hutcheson

Doesn't work for 4.4.4 (that's the reason jcase released Pie; it was patched

once you update you're done. Looking at this, there is every possibility that

which means we're back to square 1.

hoosiercub88

It didn't work on Verizon 4.4.2 either.

Nathan Borup

Yeah, but if you're looking for root, you know you shouldn't update...
http://disqus.com/nathanborup/http://disqus.com/hoosiercub88/http://disqus.com/justtynhutcheson/http://disqus.com/nathanborup/http://disqus.com/jimmypop13/http://disqus.com/Gr8Ray/http://disqus.com/stang68/http://disqus.com/tyguy829/http://disqus.com/stang68/http://disqus.com/sirmipsalot/http://disqus.com/funnyfarm299/


8/12



imlip

4.4.4 patched it.

chris_johns

whats this?

Nathan Borup

http://forum.xda-developers.co...

Its only for 4.4.2 or lower though

Kevin

You have the option if you're on 4.4.2. If not then you lost your chance to root.

haaris

towelroot

chris_johns

that droid hd was a sexy phone

Lucas Tanos

I think its a great example of a phone made for last. The materials and the look was

version.

TheRunner024

I'm glad I bought the Developer Edition.

needa

too bad it could not be customized.

mcdonsco

Still waiting for the day someone takes this to court for devices purchased at full retail to b

loader unlocked on the device they own.

Of course OEM's would then say "warranty would be void" but I'd be okay with that as I'm s

time if the phone works fine out of the gate it will continue to do so.

One day maybe.
http://disqus.com/mcdonsco/http://disqus.com/needa/http://disqus.com/TheRunner024/http://disqus.com/lucastanos/http://disqus.com/liLuciferil/http://disqus.com/disqus_3gAaf9StoI/http://disqus.com/disqus_ryXuQdKQb0/http://disqus.com/nathanborup/http://disqus.com/liLuciferil/http://disqus.com/imlip/http://forum.xda-developers.com/moto-x/orig-development/root-4-4-x-pie-motorola-devices-t2771623


9/12



Imagine being able to buy any android phone you want and IMMEDIATELY being able to ru

so nice.

sirmipsalot

If this were to happen, the carriers wouldn't necessarily have to allow the device on

would given the open-access requirements of the 700 MHz spectrum they use). Soruling that the OEMs have to give you bootloader-unlock access to the device (if bo

example - thus, not subsidized), most of the carriers could at least theoretically tur

"security checkin" requirement on the device to continue accessing their network a

a ruling, but honestly, it'd probably just escalate the arms race.

Jason B

Doubtful, as the Nexus phones/tablets are already allowed on U.S. carriers

4 AWS Verizon areas) and various Dev Edition phones too.

Basically, if it's already been certified by the FCC for its usable radio freque

be blocked from access. The wireless carriers are using OUR frequencies

sirmipsalot

Licensing FCC spectrum does not have the open-access requirem

notable exception of Verizon's 700 MHz block. Just because it has b

not mean that it will always be that way. Nothing actually requires thof a device means absolutely nothing about whether a carrier has to

their network. If this was true, frequency-compliant CDMA devices w

compatible CDMA networks, but of course that isn't true. FCC devic

complies with FCC regs and is compatible with the networks it claim

There are various potential technical countermeasures to connectin

even on GSM - including traffic-shaping.

acras

You keep bringing up the 700 MHz spectrum open access requirem

Verizon has to allow access. Verizon specifically ignored that requir

months so they could push out their crappy 7" tablet before "approvi

be the LAST carrier to allow unlocked devices on their network. Cas

run the Nexus 5 on. Theres one missing...

sirmipsalot

Verizon specifically was sued over the N7 LTE fiasco. But it's a grea

technically comply with the regulations (even though it's dragging thi

customers.

'
http://disqus.com/sirmipsalot/http://disqus.com/acras/http://disqus.com/sirmipsalot/http://disqus.com/disqus_2iB44VOOBt/http://disqus.com/sirmipsalot/


10/12



Load more comments

HTC Launches Budget-Friendly Desire 600 and 800

Devices in US

It's actually smart to do it on a mid range phonebecause it can help sell because it has the iPhone look

OnePlus One Receivin

Today

It should30 phones....

Friday Poll: Of Your 10 Closest Friends and Family, How

Many Own Android Phones?

Galaxy Note 4 Reporte

QHD Display and Cha

, ,

addition to its use of the regulated LTE block. The entire reason the

LTE is that it had no CDMA component at all, and its connectivity wa

Take that away, and there wouldn't have been a Verizon-compatible

VoLTE will suddenly bring open-access of all devices to Verizon. Th

practicality of that (given that Verizon is also using less-regulated sp

customers.

Jason B

You're thinking about it way too much. Basically, wireless carriers w

services. If they disallow bootloader unlocked devices and alienate c

especially as more and more people want control over the devices t

term, some could block access, but once that gets out, the compan

its reputation in the process after the small, but vocal minority speak

And CDMA is a closed-source technology, so that's not a good anal

While Verizon has an open access clause for C-block, it doesn't dis

preventing you from registering said device on their network (unless

account). The fiasco with the Nexus 7 LTE proved that.

sirmipsalot

You're overestimating how many customers even know what an unl

underestimating the track record of the carriers when it comes to ascontrol of their networks.

Thanks for bringing up the Verizon/N7 fiasco. The exact same situat

they so chose, as could any variants thereof. GSM being an open te

respect to any carrier building additional software layering above it.

The small but vocal minority you're talking about has been railing ag

these comments pages are full of people sticking with them and beg

speaking with their wallets. Even among this minority, there's no act
http://redirect.disqus.com/url?url=http%3A%2F%2Fwww.droid-life.com%2F2014%2F08%2F08%2Ffriday-poll-of-your-10-closest-friends-and-family-how-many-own-android-phones%2F%3ApXmwA_ODMTr1qs9MfX13RPDR-vI&imp=77mgg8ehue5cu&prev_imp=77mg814l3qks2&forum_id=284224&forum=droidlife&thread_id=2908349614&major_version=metadata&thread=2911804937&zone=internal_discoveryhttp://redirect.disqus.com/url?url=http%3A%2F%2Fwww.droid-life.com%2F2014%2F08%2F11%2Fgalaxy-note-4-reportedly-photographed-reveals-5-7-qhd-display-and-chamfered-edges%2F%3AP3ZFJoHfp1AxrKz4_soSgWh_UMQ&imp=77mgg8ehue5cu&prev_imp=77mg814l3qks2&forum_id=284224&forum=droidlife&thread_id=2908349614&major_version=metadata&thread=2918351269&zone=internal_discoveryhttp://disqus.com/sirmipsalot/http://disqus.com/disqus_2iB44VOOBt/http://redirect.disqus.com/url?url=http%3A%2F%2Fwww.droid-life.com%2F2014%2F08%2F11%2Fgalaxy-note-4-reportedly-photographed-reveals-5-7-qhd-display-and-chamfered-edges%2F%3AP3ZFJoHfp1AxrKz4_soSgWh_UMQ&imp=77mgg8ehue5cu&prev_imp=77mg814l3qks2&forum_id=284224&forum=droidlife&thread_id=2908349614&major_version=metadata&thread=2918351269&zone=internal_discoveryhttp://redirect.disqus.com/url?url=http%3A%2F%2Fwww.droid-life.com%2F2014%2F08%2F08%2Ffriday-poll-of-your-10-closest-friends-and-family-how-many-own-android-phones%2F%3ApXmwA_ODMTr1qs9MfX13RPDR-vI&imp=77mgg8ehue5cu&prev_imp=77mg814l3qks2&forum_id=284224&forum=droidlife&thread_id=2908349614&major_version=metadata&thread=2911804937&zone=internal_discoveryhttp://redirect.disqus.com/url?url=http%3A%2F%2Fwww.droid-life.com%2F2014%2F08%2F11%2Foneplus-one-receiving-update-to-android-4-4-4-starting-today%2F%3AnuMJiTrZoI14wX64h_74bcYmACQ&imp=77mgg8ehue5cu&prev_imp=77mg814l3qks2&forum_id=284224&forum=droidlife&thread_id=2908349614&major_version=metadata&thread=2918548958&zone=internal_discoveryhttp://redirect.disqus.com/url?url=http%3A%2F%2Fwww.droid-life.com%2F2014%2F08%2F11%2Foneplus-one-receiving-update-to-android-4-4-4-starting-today%2F%3AnuMJiTrZoI14wX64h_74bcYmACQ&imp=77mgg8ehue5cu&prev_imp=77mg814l3qks2&forum_id=284224&forum=droidlife&thread_id=2908349614&major_version=metadata&thread=2918548958&zone=internal_discoveryhttp://redirect.disqus.com/url?url=http%3A%2F%2Fwww.droid-life.com%2F2014%2F08%2F11%2Fhtc-launches-budget-friendly-desire-600-and-800-devices-in-us%2F%3AT4nZhpRJqoffYJRTZBd-qxIDk9w&imp=77mgg8ehue5cu&prev_imp=77mg814l3qks2&forum_id=284224&forum=droidlife&thread_id=2908349614&major_version=metadata&thread=2919062323&zone=internal_discoveryhttp://redirect.disqus.com/url?url=http%3A%2F%2Fwww.droid-life.com%2F2014%2F08%2F11%2Fhtc-launches-budget-friendly-desire-600-and-800-devices-in-us%2F%3AT4nZhpRJqoffYJRTZBd-qxIDk9w&imp=77mgg8ehue5cu&prev_imp=77mg814l3qks2&forum_id=284224&forum=droidlife&thread_id=2908349614&major_version=metadata&thread=2919062323&zone=internal_discovery


11/12


12/12


DRD Life Inc. About Contact Advertise Privacy Policy

Handcrafted by Coulee Creative.
http://www.droid-life.com/http://couleecreative.com/http://www.droid-life.com/privacy-policy/http://www.droid-life.com/advertise/http://www.droid-life.com/contact/http://www.droid-life.com/about/

Documents

Snapdragon Devices are Vulnerable