Backdoor Was Detected In Popular Allwinner Mobile Devices
Backdoor Was Detected In Popular Allwinner Mobile Devices

The Allwinner Technology is a Chinese fabless semiconductor company that designs mixed-signal systems on a chip (SoC). The company is headquartered in Zhuhai, Guangdong It has a sales and technical support office in Shenzhen, Guangdong, and logistics operations in Hong Kong. But, recently few software developers of various gadgets with chips of Allwinner Technology has detected a Backdoor in its mobile devices.

Backdoor Was Detected In Popular Allwinner Mobile Devices

Allwinner Technology is one of the largest suppliers of ARM-chips in China for low-cost devices which has produced a series of chips with pre backdoor in the Linux Kernel version. Employees of the Allwinner are not removed before the production of debugging code written for the operating systems Linux 3.4.

Therefore, all the mobile devices which are based on Allwinner sun8i (H3, A83T, and H8) contains the undocumented code to gain root privileges on the system running Android. The code was discovered by the software developers of various gadgets with chips of Allwinner Technology and published first on the GitHub, and then on Pastebin. However, it seems that the Allwinner Technology is the bit less clear about this whole story. The company released the information about the same on its GitHub account and later deleted it.

Tkaiser, a moderator over at the forums of the Armbian operating system said that “This security flaw is currently present in every OS image for H3, A83T or H8 devices that rely on kernel 3.4”.

echo “rootmydevice” > /proc/sunxi_debug/sunxi_debug

This is the command which allows any process to convert arbitrary UID into root. To implement this process simply send the text “rootmydevice” to any debugging process and the exploit is done.

Linux kernel 3.4-sunxi originally written for Android support on ARM Allwinner chips on the plates but later it was used for the Linux kernel for porting to different Allwinner processors like Banana Pi micro-PCs, Orange Pi Plus.

Moreover, at the moment, the backdoor is present in the images of the OS released for A83T, H3, and H8 devices which are based on the Linux 3.4 kernel.



COMMENTS

Tech Viral Deals