Threat Category: Supply Chain
ID: SPC-21
Threat Description: Low level backdoor inadvertently left by firmware developer.
Threat Origin
This is what a root debug backdoor in a Linux kernel looks like 1
Chinese ARM vendor left developer backdoor in kernel for Android, other devices 2
Exploit Examples
Not Applicable
CVE Examples
Not Applicable
Possible Countermeasures
Obtain devices from a reputable vendor with a strong record of addressing security flaws in a timely fashion.
Mobile Device UserObtain devices from a reputable vendor with a strong record of addressing security flaws in a timely fashion.
To reduce the opportunity for an attacker to exploit a patched vulnerability, ensure security updates are applied in a timely manner by configuring automated installation of or, at a minimum, automatic notification of the availability of security updates.
To reduce the opportunity for attacks against various firmware components, disable device features when not in use (e.g., Bluetooth, Wi-Fi, NFC), and globally revoke access to unused device sensors or OS-provided functions (e.g., camera, microphone, location services).
EnterpriseTo reduce the opportunity for an attacker to exploit a patched vulnerability, ensure security updates are applied in a timely manner by configuring automated installation of or, at a minimum, automatic notification of the availability of security updates.
References
R. Chirgwin, “This is what a root debug backdoor in a Linux kernel looks like,” The Register, 9 May 2016; http://www.theregister.co.uk/2016/05/09/allwinners_allloser_custom_kernel_has_a_nasty_root_backdoor/ ↩
S. Gallagher, “Chinese ARM vendor left developer backdoor in kernel for Android, other devices,” Ars Technica, 11 May 2016; http://arstechnica.com/security/2016/05/chinese-arm-vendor-left-developer-backdoor-in-kernel-for-android-pi-devices/ ↩