The situation is a dream for law enforcement or a forensics outfit wishing to gain root access to a targeted device. Android researcher Jon Sawyer on Wednesday publicly disclosed the situation, which he’s called Pork Explosion as a swipe at what he calls overhyped and branded vulnerabilities.
“As a physical threat, it’s bad; game over,” Sawyer said. “It’s easy to do and you get complete code execution on the device, even if it’s encrypted or locked down. It’s exactly what a forensics company or law enforcement officials would love to have.”
The backdoor was found in a bootloader built by Foxconn, Sawyer said. Foxconn builds phones and some low level software for firmware. Two vendors’ devices have been impacted so far—InFocus’ M810 and Nextbit’s Robin phones—but Sawyer cautioned that there are likely more.