Short Bytes: The Linux kernel code shipped by Chinese chipmaker Allwinner contains an easily exploitable root backdoor. Combined with networked services, this could be used to perform remote exploits on devices built around Allwinner’s ARM processors. The affected devices also include popular developer boards like Orange Pi and Banana Pi.
Allwinner is a Chinese company that makes processors for low-cost devices like tablets, ARM-based PCs, set-top boxes etc. It looks like the company has recently shipped a Linux kernel version with a very simple built-in root backdoor.
This dangerous privilege escalation could be achieved by simply doing this:
echo "rootmydevice" > /proc/sunxi_debug/sunxi_debug
This command converts any process with any UID into root. Writing the text “rootmydevice” to this debug entry is all the exploit takes.
It looks like the developers left the backdoor code in by mistake after completing the debugging process.
However, Allwinner seems a bit less than transparent about this whole saga. The company released information about the issue on its GitHub account and later deleted it.
What makes this root backdoor more dangerous is that it could become remotely exploitable when combined with networked services that provide access to /proc.
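To check whether a board exposes the debug entry described above, without ever writing to it, a script along these lines can be used. It is an added example, not code from the article or from Allwinner; the function names and the optional proc-root argument are assumptions made so the check can be exercised against a constructed directory.

```shell
#!/bin/sh
# Added example (not from the article): report whether the debug entry named
# in the article exists and who may write to it. It never writes to the entry.

# check_sunxi_debug [PROC_ROOT]
# PROC_ROOT defaults to /proc; the argument is an assumption added so the
# check can be run against a constructed directory tree.
# Prints one of: not-present | present-world-writable | present-restricted
check_sunxi_debug() {
    proc_root="${1:-/proc}"
    entry="$proc_root/sunxi_debug/sunxi_debug"

    if [ ! -e "$entry" ]; then
        echo "not-present"
        return 0
    fi

    # The first 10 characters of `ls -ld` are the file type and permission
    # bits; character 9 is the write bit for "other" users.
    perms=$(ls -ld "$entry" | cut -c1-10)
    case "$perms" in
        ????????w?) echo "present-world-writable" ;;
        *)          echo "present-restricted" ;;
    esac
}

# report [PROC_ROOT]: human-readable summary for the running system.
report() {
    status=$(check_sunxi_debug "${1:-/proc}")
    echo "kernel release: $(uname -r)"
    case "$status" in
        not-present)
            echo "sunxi_debug entry not found" ;;
        present-world-writable)
            echo "sunxi_debug entry present and writable by any user: affected" ;;
        present-restricted)
            echo "sunxi_debug entry present, not world-writable: debug code is still built in" ;;
    esac
}

report "$@"
```

A "present" result on any networked device is the case to prioritise, since every local process, including one behind a network service, can reach the entry.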
Allwinner’s kernel, 3.4-sunxi, was developed to support Android on Allwinner’s ARM processors. Later it also became the basis for bringing Linux to many Allwinner processors on boards like Banana Pi, Orange Pi, Cubietruck, pcDuino Uno and other devices.
In the past, Allwinner has been accused of numerous GPL license violations and this recent development is another frustrating story.