Motorola Bootloader Still Secure; No Hack Imminent

If last night’s news of progress into breaking the bootloader security on Motorola smartphones had you salivating at the thought of a new wave of custom ROMs for your Droid, we’ve got some bad news for you: no critical vulnerability is known of in Motorola’s signing process, and the news may have been the work of a hoaxster.

The hope was that derivation of Motorola’s private key would be possible, allowing developers to sign their own work as if it was blessed by Motorola. Such a hack is similar in functionality to the recent efforts which resulted in compromising PlayStation 3 code verification.

Today the web page William “nenolod” Pitcock set up to describe the Motorola hack has been replaced with text announcing that the news was based on an incorrect assumption about how the bootloader functioned, and that the “only chance of getting keys now is to factorize the public keys”. Considering the strength of modern algorithms, that’s tantamount to saying that the private key will never be recovered. That’s not to say that the bootloader is invulnerable, as there still may be unkonwn flaws in its implementation.

While nenolod’s site plays innocent about the news and its retraction, fingers around the internet are pointing at him, charging that this was an intentional hoax. Supposed screenshots of chat logs show nenolod bragging about hooking us suckers with his news. While we can’t verify such info, and it would be all too easy to fake, this angle adds an unfortunate taint to the story. Let’s hope the next step made towards hacking the bootloader comes about under better terms.

Source: Droid-Life

Discuss This Post

Share This Post

Watch the Latest Pocketnow Videos

About The Author
Stephen Schenck
Stephen has been writing about electronics since 2008, which only serves to frustrate him that he waited so long to combine his love of gadgets and his degree in writing. In his spare time, he collects console and arcade game hardware, is a motorcycle enthusiast, and enjoys trapping blue crabs. Stephen's first mobile device was a 624 MHz Dell Axim X30, which he's convinced is still a viable platform. Stephen longs for a market where phones are sold independently of service, and bandwidth is cheap and plentiful; he's not holding his breath. In the meantime, he devours smartphone news and tries to sort out the juicy bits Read more about Stephen Schenck!