fn42 | 9 years ago

It sounds like this is more or less equal to Android's "ADB"?

> “There are several ways someone could do this. An attacker could change the BIOS configuration (for example, with a use of a Flash programmator) when they have physical access to the equipment during manufacturing, storage or usage.”

It has to be specifically enabled (with physical access).

debatem1|9 years ago

No, at least not on stock Android devices. ADB is pretty constrained (SELinux policy, the DAC, etc). It shouldn't be possible to go from there to something like root+unconfined on a normal user device, though of course with additional exploits anything is possible.

If the comments above are correct this is either more like JTAG or is JTAG. That's commonly far more capable, usually providing the ability to do things like read and write arbitrary memory without any kernel hindrance at all (although ARM CPUs can typically still protect TrustZone memory).

revelation|9 years ago

JTAG is a protocol for testing electrical connectivity and package pins; all the debug capability is proprietary vendor extensions. Which is to say that for any retail product, the CPU will have had a fuse set to make it "protected", which typically includes disabling debug JTAG functionality.

AstralStorm|9 years ago

It takes just one local root exploit for ADB. Which is why it has to be switched on manually on the device.

The other way is supposedly protected by manual installation and signing keys.