12/8/2014 Dan Rosenberg Unlocks Moto X Bootloader, Says Almost All Snapdragon Devices are Vulnerable (Updated) | Droid Life
http://www.droid-life.com/2014/08/07/moto-x-bootloader-unlock-qualcomm/
by Kellex on Aug 7, 2014
Dan Rosenberg Unlocks Moto X Bootloader, Says Almost All
Snapdragon Devices are Vulnerable (Updated)
The Black Hat 2014 conference is taking place this week in Las Vegas, and
Dan Rosenberg, the man responsible for exposing numerous
security exploits on Android devices, is speaking there. You may recall his previous
work that unlocked the bootloader of a number of Motorola DROID devices,
something that developers had tried for years to accomplish
without success.
When Rosenberg (@djrbliss) first popped up on the list of Black Hat conference
speakers with a topic that was to conclude by discussing an unpublished
security exploit including a live demonstration of using it to permanently unlock
the bootloader of a major Android phone, we were certainly interested. His talk
happened last night, and according to those at the conference, he successfully
unlocked the bootloader of the Moto X on stage.
The security vulnerability was discovered in ARM's TrustZone, which Qualcomm uses as a system-wide approach to security
on devices using its Snapdragon processors. According to Rosenberg, this vulnerability exists in all known Android devices
that support TrustZone and utilize a Qualcomm Snapdragon SoC. Well, except for the Galaxy S5 and HTC One (M8), both of
which have been patched. Rosenberg also notes in a written report about the exploit that many more devices may have been
patched by now through software updates. He first wrote this report up on July 1, but is only now showing it off a month later.
As for the Moto X being used to demonstrate his findings, this could mean that Motorola has yet to patch it. Then again, we
have seen a number of updates arrive for Motorola devices within the last few weeks, most of which involve security on some
level.
Other vulnerable devices specifically noted in this report include the Galaxy S4, Galaxy Note 3, Nexus 4, Nexus 5, G2, and
original HTC One (M7).
So what does this mean for the future of unlocking your current phone? Well, it could mean nothing. As mentioned above, Dan
wrote up his report on July 1, so manufacturers could have (likely have) seen it already. Since devices like the Galaxy S5 and
One (M8) have been patched, it could mean that others will be patched (if they haven't been already) before long. We would
also need Dan to release the full exploit and method, which I do not believe he has done, other than with a description of
how it works. I sort of doubt that he is going to put together a 1-click button for making this happen. Instead, it will be up to
other developers to take his findings and make some magic happen.
His report has been posted here.
Update: Qualcomm reached out to us with the following statement:
Qualcomm Technologies takes the security of its products very seriously and invests to identify and address security
vulnerabilities in our software before it's made available to customers. We're aware of this issue and have already made
available software updates for our impacted customers to address the reported vulnerabilities.
103 Comments Droid Life: An Intense Android News Community
Greg Morgan 5 days ago
The man is a magician...

37
Reply
josuearisty 5 days ago Greg Morgan
Anybody tried this for droid ultra?

3
Reply
Nathan Borup 5 days ago josuearisty
He hasn't actually released an easy way to unlock. To do what Dan did, you need to know a ton...

3
Reply
HarvesterX 5 days ago josuearisty
Having an unlocked bootloader is a PLUS...Lol

1
Guest 5 days ago Greg Morgan
One more reason to go with iPhone, their bootloaders are fully secured in addition to optimized OS & superior hardware

5
Reply
MJ 5 days ago Guest
Good try troll...get a job and a life.

30
Reply
Nathan Borup 4 days ago MJ
whoa what happened here??


Reply
MJ 4 days ago Nathan Borup
You new to the Internet? Don't know what trolling is?

2
Reply
Nathan Borup 4 days ago MJ
You don't get it... look at this pic
http://i1092.photobucket.com/a...

2
Reply
MJ 4 days ago Nathan Borup
What pic?


Reply
Nathan Borup 4 days ago MJ
Maybe it's not showing anymore ... I took a screenshot of what I saw. It was a Disqus glitch


Reply
Tillmorn 4 days ago Nathan Borup
My vote is glitch. Guest is a pretty well-known troll on Droid Life.

3
Rob Dallara 4 days ago Tillmorn
that damn 'Guest' guy is everywhere!

4
Reply
dazeone 4 days ago Guest
Jailbreaking an iPhone has been done on every iPhone. iPhone is just as vulnerable. Where there is a will there is
a way.


Reply
iPhones suck 4 days ago Guest
You can't hack an iPhone, just asked the 20 something celebrities that have had their pictures stolen off their
phones, i.e. naked scarlet johanson


Reply
iPhone's suck 4 days ago iPhones suck
Wish I had that iphone hack, would love to see alison brie's pictures on her phone.

1
Reply
Nathan Borup 5 days ago Greg Morgan
Seriously... he told everyone that he was done with the Moto X


Reply
Justtyn Hutcheson 5 days ago Nathan Borup
This exploit reaches far, far beyond that little guy. So, he wasn't working on the Moto X specifically, he just used one
as the best known, previously-uncracked bootloader. Motorola was renowned during its OMAP-using days for its
nigh-impenetrable bootloaders, and with the exception of the Qualcomm-based exploits they have continued to be.
So by showing off on a Motorola device, the credibility of the exploit existing on nearly all Snapdragon SoCs is
increased, as any exploits are unlikely to be found in Motorola's proprietary security measures.

7
Reply
Nathan Borup 5 days ago Justtyn Hutcheson
Yeah, I understand this. I just thought it was funny he used a moto X since he said he was done with it


Reply
j 5 days ago
Just give us the friggen option. If you want to void our warranties, that's fine.

18
Reply
stang68 5 days ago
I just want to easily root my Verizon Moto X...

12
Reply
Nathan Borup 5 days ago stang68
In case you are $45 desperate... I'll just leave this here. http://forum.xda-developers.co...
I did this to my phone and have not regretted it since
But now that a bootloader unlock exploit came out, you might want to be a little patient until it gets easy to do

2
funnyfarm299 4 days ago Nathan Borup
What about those that have a 2013 build?


Reply
sirmipsalot 5 days ago stang68
If you can easily unlock the bootloader, then you *can* easily root it.

2
Reply
stang68 5 days ago sirmipsalot
Yes, let's hope he releases it!

2
Reply
tyguy829 5 days ago stang68
Not that I'm encouraging verizon's terrible and hostile practices, but why didn't you get the dev edition?

2
Reply
stang68 5 days ago tyguy829
Couldn't pay the (I think) $600 it was at the time.

3
Reply
Gr8Ray 5 days ago stang68
Also, it's an ugly phone.

4
Reply
C-Law 5 days ago Gr8Ray
No sir

3
Reply
Nathan Borup 5 days ago stang68
Look into Pie root

1
Reply
Justtyn Hutcheson 5 days ago Nathan Borup
Doesn't work for 4.4.4 (that's the reason jcase released Pie; it was patched and thus rendered useless to him), so
once you update you're done. Looking at this, there is every possibility that 4.4.4 was patched against this vuln,
which means we're back to square 1.


Reply
hoosiercub88 4 days ago Justtyn Hutcheson
It didn't work on Verizon 4.4.2 either.


Reply
Nathan Borup 5 days ago Justtyn Hutcheson
Yeah, but if you're looking for root, you know you shouldn't update...


imlip 5 days ago Nathan Borup
4.4.4 patched it.


Reply
chris_johns 5 days ago Nathan Borup
what's this?


Reply
Nathan Borup 5 days ago chris_johns
http://forum.xda-developers.co...
It's only for 4.4.2 or lower though


Reply
Kevin 5 days ago stang68
You have the option if you're on 4.4.2. If not then you lost your chance to root.


Reply
haaris 5 days ago stang68
towelroot


Reply
chris_johns 5 days ago
that droid hd was a sexy phone

7
Reply
Lucas Tanos 5 days ago chris_johns
I think it's a great example of a phone made to last. The materials and the look were great, I hope Motorola made another
version.

1
Reply
TheRunner024 5 days ago
I'm glad I bought the Developer Edition.

5
Reply
needa 5 days ago TheRunner024
too bad it could not be customized.

6
mcdonsco 5 days ago
Still waiting for the day someone takes this to court for devices purchased at full retail to be able to request and have the boot
loader unlocked on the device they own.
Of course OEMs would then say "warranty would be void" but I'd be okay with that as I'm sure others would be too...most of the
time if the phone works fine out of the gate it will continue to do so.
One day maybe.
Imagine being able to buy any android phone you want and IMMEDIATELY being able to run stock android on it that day...would be
so nice.

3
Reply
sirmipsalot 5 days ago mcdonsco
If this were to happen, the carriers wouldn't necessarily have to allow the device on their network.
would given the open-access requirements of the 700 MHz spectrum they use). So while it's possible that you could get a
ruling that the OEMs have to give you bootloader-unlock access to the device (if bought from the handset OEM, for
example - thus, not subsidized), most of the carriers could at least theoretically turn around and have some onerous
"security checkin" requirement on the device to continue accessing their network after initial handshake. I'd like to see such
a ruling, but honestly, it'd probably just escalate the arms race.


Reply
Jason B 5 days ago sirmipsalot
Doubtful, as the Nexus phones/tablets are already allowed on U.S. carriers (but only the N7 2013 is usable in band
4 AWS Verizon areas) and various Dev Edition phones too.
Basically, if it's already been certified by the FCC for its usable radio frequencies and tested thoroughly, it shouldn't
be blocked from access. The wireless carriers are using OUR frequencies anyways.


Reply
sirmipsalot 5 days ago Jason B
Licensing FCC spectrum does not have the open-access requirements you're talking about, except in the
notable exception of Verizon's 700 MHz block. Just because it has been granted access in the past does
not mean that it will always be that way. Nothing actually requires them to do this, legally.
of a device means absolutely nothing about whether a carrier has to accept it (or accept it 'equally') on to
their network. If this was true, frequency-compliant CDMA devices would have to be granted access on to
compatible CDMA networks, but of course that isn't true. FCC device certification only means that it
complies with FCC regs and is compatible with the networks it claims to be.
There are various potential technical countermeasures to connecting a non-blessed device to a network,
even on GSM - including traffic-shaping.


Reply
acras 4 days ago sirmipsalot
You keep bringing up the 700 MHz spectrum open access requirement and saying that is the exception, that
Verizon has to allow access. Verizon specifically ignored that requirement with the LTE Nexus 7 for 6
months so they could push out their crappy 7" tablet before "approving" the N7 for their network. Verizon will
be the LAST carrier to allow unlocked devices on their network. Case in point, list the carriers that you can
run the Nexus 5 on. There's one missing...


sirmipsalot 4 days ago acras
Verizon specifically was sued over the N7 LTE fiasco. But it's a great example of how a carrier can
technically comply with the regulations (even though it's dragging things out) yet still be miserable for
customers.
And the N5 isn't usable on Verizon because, among other things, Verizon also has a CDMA requirement in
addition to its use of the regulated LTE block. The entire reason the N7 even could/would work on Verizon's
LTE is that it had no CDMA component at all, and its connectivity was *solely* on the (regulated) LTE block.
Take that away, and there wouldn't have been a Verizon-compatible N7, either.
VoLTE will suddenly bring open-access of all devices to Verizon. That's still a long way off, and the
practicality of that (given that Verizon is also using less-regulated spectrum for LTE now, too) is unclear for
customers.


Reply
Jason B 5 days ago sirmipsalot
You're thinking about it way too much. Basically, wireless carriers want to make money by providing their
services. If they disallow bootloader unlocked devices and alienate customers, it wouldn't be viable,
especially as more and more people want control over the devices they rightfully own.
term, some could block access, but once that gets out, the company in question may permanently damage
its reputation in the process after the small, but vocal minority speak out and request action.
And CDMA is a closed-source technology, so that's not a good analogy.
While Verizon has an open access clause for C-block, it doesn't disallow them from "certifying" devices and
preventing you from registering said device on their network (unless you already have a SIM with an active
account). The fiasco with the Nexus 7 LTE proved that.


Reply
sirmipsalot 5 days ago Jason B
You're overestimating how many customers even know what an unlocked bootloader is, and you're vastly
underestimating the track record of the carriers when it comes to asserting and attempting to maintain
control of their networks.
Thanks for bringing up the Verizon/N7 fiasco. The exact same situation could happen on any GSM carrier if
they so chose, as could any variants thereof. GSM being an open technology means absolutely squat with
respect to any carrier building additional software layering above it.
The small but vocal minority you're talking about has been railing against Verizon for how long?
these comments pages are full of people sticking with them and begging for their precious instead of
speaking with their wallets. Even among this minority, there's no actual impact on business practices.

1