How to Hack an Android device?
It is possibly one of the most frequently asked questions on the Internet.
Although it’s not pretty simple to hack an Android device, sometimes you just get lucky to find a backdoor access.
Thanks to Allwinner, a Chinese ARM system-on-a-chip maker, which has recently been caught shipping a version of Linux Kernel with an incredibly simple and easy-to-use built-in root backdoor.
Chinese fabless semiconductor company Allwinner is a leading supplier of application processors that are used in many low-cost Android tablets, ARM-based PCs, set-top boxes, and other electronic devices worldwide.
Simple Backdoor Exploit to Hack Android Device
All you need to do to gain root access of an affected Android device is…
Send the text " rootmydevice " to any undocumented debugging process.
The local privileges escalation backdoor code for debugging ARM-powered Android devices managed to make its way in shipped firmware after firmware makers wrote their own kernel code underneath a custom Android build for their devices, though the mainstream kernel source is unaffected.
The backdoor code is believed to have been left by mistake by the authors after completing the debugging process.
For exploiting this issue, any process running with any UID can be converted into root easily by simply using the following command:
echo "rootmydevice" > /proc/sunxi_debug/sunxi_debug
The Linux 3.4-sunxi kernel was originally designed to support the Android operating system on Allwinner ARM processors for tablets, but later it was used to port Linux to many Allwinner processors on boards like Banana Pi micro-PCs, Orange Pi, and other devices.
At the forum of the Armbian operating system, a moderator who goes by the name Tkaiser noted that the backdoor code could remotely be exploitable "if combined with networked services that might allow access to /proc."
This security hole is currently present in every operating system image for A83T, H3 or H8 devices that rely on kernel 3.4, he added.
This blunder made by the company has been frustrating to many developers. Allwinner has also been less transparent about the backdoor code. It released the information about the backdoor through its own Github account and then apparently deleted it.