Certain Android devices which contain firmware created by Foxconn may be vulnerable via a debugging feature left inside the OS bootloader, according to a report by Softpedia.
The vulnerability creates a backdoor and bypasses authentication procedures if an attacker has USB access to a vulnerable phone.
“The reason this backdoor exists in the bootloader is because various OEMs allow Foxconn to create and supply firmware for some of the electronics,” stated the report.
US security expert Jon Sawyer discovered the vulnerability in August, which is most likely based on “Foxconn debugger” software.
“It isn’t something we should see in modern devices, and it is a sign of great neglect on Foxconn’s part,” said Sawyer.
An attacker is able to enter the device’s factory test mode and take “total control of the phone”. An unknown number of devices are affected.