Authentication bypass at Qualcomm Security Summit

Mobile security is a serious concern for all mobile device users. To connect and educate industry professionals about these concerns, Qualcomm hosts the annual Qualcomm Product Security Summit. In this session, titled “Breaking Mobile Bootloaders,” Christopher Wade, security consultant for Pen Test Partners, outlines actionable weaknesses in modern bootloaders that allow attackers to deploy unsigned code, despite protection mechanisms.

While bootloaders use signature verification mechanisms in order to protect a device from executing malicious software, attackers can circumvent these protections by finding weaknesses in the bootloaders and implementing custom functionality. Christopher Wade details security findings in the firmware update and management interfaces used by hardware platforms on mobile devices, and how they present an increased attack surface.

Wade covers signature bypass weaknesses in low-level mobile chips that facilitate weaponization of phone NFC capabilities, vulnerabilities in second-stage Android bootloaders that allow for authentication bypass and exfiltration of protected data, and findings in first-stage bootloaders that attack the lowest level of the Android boot process.

Learn more about the Qualcomm Product Security Summit and join the email list for the 2023 event: https://qct-qualcomm.secure.force.com...

View presentations from the Qualcomm Product Security Summit: https://qct-qualcomm.secure.force.com...

Watch other presentations from the Qualcomm Product Security Summit:    • UnZiploc: From 0-click to Platform Co...  

Learn more about Qualcomm product security: https://www.qualcomm.com/company/prod...

Learn more about Pen Test Partners security consulting and testing services:
https://www.pentestpartners.com/