Das U-Boot, the universal bootloader, can be found in the Amazon Kindle, ARM Chromebooks, and networking hardware. Researchers at ForAllSecure recently discovered that U-Boot’s file system drivers are riddled with vulnerabilities. The flaws are a recursive stack overflow in the DOS partition parser, two buffer overflows in ext4, and a double-free memory corruption flaw in ext4. Issues like these could potentially lead to Denial-of-Service (DoS) attacks, device takeover, and code execution. Both local and remote exploitation paths exist. If external media is used to boot the targeted device, attackers who gain physical access would be able to rearrange its boot process and control the loading of the OS, leading to a near-total device takeover. Devices that are configured to network boot, on the other hand, are exposed to a remote compromise of that network, which could allow the perpetrators to attack the U-Boot device from the local network location.