Software Integrity Blog


Backdoor vulnerability affects Chinese ARM-based prototyping devices, others

Researchers have found that a Chinese manufacturer of chips for low-cost Android tablets, set-top boxes, ARM-based PCs, and other devices has shipped a vulnerable Linux kernel in its latest product.

The legacy 3.4 Linux kernel for H3/A83T/H8 produced by Allwinner, a Chinese system-on-chip company, apparently contains a serious vulnerability that allows local privilege escalation and in effect acts as a backdoor. According to security researchers, the company’s ARM Linux kernel includes code, “rootmydevice,” that gives apps running on the device root access.

According to Armbian, a company that makes Linux distros for prototyping and development boards, the backdoor vulnerability affects every OS image for H3, A83T, or H8 devices that relies on Kernel 3.4. For example, Orange Pi, a low-cost prototyping board, currently runs on H3.

Armbian reported a fix within a few hours. Other products affected include FriendlyARM, SinoVoip M3, SinoVoip M2+, CubieTruck +, and LinkSprite pcDuino8 Uno.

Analysis suggests this was perhaps debugging code left in the production units.

Ars Technica reported the code may have been left in the kernel after developers completed debugging. But the company has been less than transparent about it: Information about the backdoor was released and then apparently deleted through Allwinner’s own GitHub account.
