Android bootloader: How does it work and what is the risk?

Several vulnerabilities were recently discovered in Android bootloaders via the BootStomp tool. Kevin Beaver explains how they work and what risk these vulnerabilities present.

Kevin Beaver, Principle Logic, LLC

Computer scientists recently discussed several vulnerabilities that were discovered in Android bootloaders using...

Step 2 of 2:

You forgot to provide an Email Address.

This email address doesn’t appear to be valid.

This email address is already registered. Please log in.

You have exceeded the maximum character limit.

Please provide a Corporate Email Address.
- I agree to TechTarget’s Terms of Use, Privacy Policy, and the transfer of my information to the United States for processing to provide me with relevant information as described in our Privacy Policy.
Please check the box if you want to proceed.
- I agree to my information being processed by TechTarget and its Partners to contact me via phone, email, or other means regarding information relevant to my professional interests. I may unsubscribe at any time.
Please check the box if you want to proceed.

the BootStomp tool. How do Android bootloaders work, and what are the risks of the vulnerabilities?

Android bootloaders work similar to a BIOS on a PC, as they enable the phone to look for a boot device and start up from it. Bootloaders also enable users to reset their device, unlock the bootloader and put the bootloader in fastboot mode to enable files to be sent from a computer -- typically to flash different official firmware or recoveries.

Vulnerabilities are typically caused when the device's bootloader is unlocked, as an unlocked bootloader enables the user to make many different changes to the device that the OEM would not typically allow. This can include flashing custom ROMs, sideloading programs, flashing recoveries and modifying system elements.

Most OEMs won't honor devices with problems if their bootloaders are unlocked, since a locked bootloader usually provides better protection against vulnerabilities. These vulnerabilities can prevent the device from booting up, programs from operating properly, and it can also alter the device's actions.

Unlocked bootloader impacts users

Unlocking a bootloader would not be caused by a standard user. Even fewer people have root access, which some of these vulnerabilities require. These exploits would somehow need to gain root access to the Android device to make changes, and they could be devastating if that access is obtained.

An unlocked bootloader enables the user to make many different changes to the device that the OEM would not typically allow.

There could be some cases of consumers buying used devices like phones that come with an unlocked bootloader or that have been rooted, but those instances are rare. These exploits could possibly unlock the bootloader themselves, but this action would most likely require a reboot to do so.

The best way to stay safe from these vulnerabilities is to only install apps that you trust and to make sure that you know what apps you're giving administrative access to on an Android.

Ask the expert:
Want to ask Kevin Beaver a question about security? Submit your question now via email. (All questions are anonymous.)

This was last published in January 2018

Unlocked bootloader impacts users

mobile malware

boot

Eclypsium calls out Microsoft over bootloader security woes

Serious BootHole vulnerability puts millions of systems at risk

Unlocked bootloader impacts users

Dig Deeper on Application and platform security

mobile malware

boot

Eclypsium calls out Microsoft over bootloader security woes

Serious BootHole vulnerability puts millions of systems at risk

Related Q&A from Kevin Beaver

Inbound vs. outbound firewall rules: What are the differences?

Host IDS vs. network IDS: Which is better?

Network security vs. application security: What's the difference?