The Samsung Galaxy S4 has been commercially available for about a month. In this time, 10 million devices have been sold – and at least one hack has been discovered. Security expert Dan Rosenberg identified a trivial design flaw in Samsung’s secure bootloader concept that allows arbitrary operating systems to be booted.
Most S4 models are sold unlocked and their owners can freely install, for example, a customised version of Android. However, at least in the US, AT&T and Verizon sell customised Samsung Galaxy S4 models that use the smartphone’s secured boot feature to ensure that only kernels carrying the company’s digital signature can be booted. To enforce this, the bootloader checks whether the system that is to be booted has a valid digital signature (RSA-2048, SHA1). RSA with 2048-bit keys can’t be cracked with current state-of-the-art technology, nor can a kernel be created that produces a given SHA1 hash value. Such a kernel would not even need to boot; producing one would amount to a pre-image attack on SHA1, which has yet to be accomplished successfully.
However, Rosenberg didn’t even need to break any of this crypto for his hack. While reverse engineering the code, he discovered that the bootloader loads the kernel that is to be checked to a memory address that he can determine. That address can be chosen so that the kernel image overwrites the bootloader’s check_sig() function before the bootloader calls it. The purpose of this function is to perform the signature check described above and so detect manipulated kernels. After Rosenberg’s skilful memory manipulations, it instead tidies up the memory a little and then returns that “everything is OK”.
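The check this design was missing, written here as an added example (not Samsung’s or Rosenberg’s code): before copying an image to the load address taken from its untrusted header, validate that address and length against a fixed memory map, so the image can never land on top of the bootloader’s own verification routine. The header layout, RAM size and bootloader footprint below are constructed assumptions.

```c
#include <stdint.h>
#include <stddef.h>

/* Outcome of validating an untrusted (load address, length) pair. */
enum load_status { LOAD_OK = 0, LOAD_ERR_EMPTY, LOAD_ERR_SHORT_HEADER,
                   LOAD_ERR_WRAP, LOAD_ERR_OUTSIDE_RAM, LOAD_ERR_OVERLAPS_BOOTLOADER };

/* Half-open address range [start, start + len). */
struct region { uint32_t start; uint32_t len; };

/* Assumed memory map: 1 GiB of RAM, and the bootloader's own code, data
 * and stack occupying 1 MiB inside it (constructed values). */
static const struct region RAM        = { 0x80000000u, 0x40000000u };
static const struct region BOOTLOADER = { 0x88F00000u, 0x00100000u };

/* End computed in 64 bits so a 32-bit start + len cannot silently wrap. */
static uint64_t region_end(struct region r) { return (uint64_t)r.start + r.len; }

static int regions_overlap(struct region a, struct region b) {
    return a.start < region_end(b) && b.start < region_end(a);
}

/* Reject any destination range that is empty, wraps the address space,
 * leaves RAM, or touches the bootloader image (and thus check_sig()). */
enum load_status validate_load_range(uint32_t load_addr, uint32_t image_len) {
    struct region dst = { load_addr, image_len };
    if (image_len == 0)
        return LOAD_ERR_EMPTY;
    if (region_end(dst) > 0x100000000ull)
        return LOAD_ERR_WRAP;
    if (dst.start < RAM.start || region_end(dst) > region_end(RAM))
        return LOAD_ERR_OUTSIDE_RAM;
    if (regions_overlap(dst, BOOTLOADER))
        return LOAD_ERR_OVERLAPS_BOOTLOADER;
    return LOAD_OK;
}

static uint32_t le32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Constructed 8-byte image header: little-endian load address, then
 * little-endian image length. Both fields are attacker-controlled input. */
enum load_status check_image_header(const uint8_t *hdr, size_t hdr_len) {
    if (hdr_len < 8)
        return LOAD_ERR_SHORT_HEADER;
    return validate_load_range(le32(hdr), le32(hdr + 4));
}
```

Only after this check passes should the copy happen, and the signature check itself should run from code the image cannot reach.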