<Thread> Hi @WikoMobile 👋! Let's talk about the Wiko Freddy phone.
This phone was released October 2016 and is now selling for 99.99€.
Because of @WikoMobile's and Tinno's negligence, I'll show you how your data can be stolen even if your phone is protected by a lock screen. 1/
With the help of 3 critical vulnerabilities left by Tinno, if an attacker manages to get physical access to your device, he has multiple ways to get your data.
Let's assume, as a hypothesis, that the device is protected by a PIN code and that developer options are disabled. 2/
1st scenario:
1. Reboot in bootloader mode
2. fastboot oem unlock-tinno
Thanks to this backdoor, aka a "forgotten" fastboot command, you can unlock the bootloader without wiping your data 🤦♂️ 3/
Since the phone's bootloader is unlocked once a thief gets their hands on it, they can boot a custom recovery environment.
From recovery mode, they could use the adb command to access all the data on your device. This bypasses any PIN or password used to secure your device. 4/
2nd scenario:
1. Shut down the phone
2. Plug it into a computer
3. Wait for the charging screen
adb is enabled in charging mode 🤦♂️ 5/
In this 3rd scenario, let's assume, as a hypothesis, that the device is not protected.
1. Boot your device
2. "adb shell setprop persist.tinno.debug 1" 6/
This persist.tinno.debug system property is a backdoor which allows you to get a root shell 🤦♂️
As a consequence, you can easily root your device (with the bootloader locked). An attacker can also pull the content of the sdcard to his computer (SMS, photos, videos, ...). 7/
As a summary, I found 3 critical vulnerabilities in the Freddy phone:
1. adb is enabled in charging mode
2. "setprop persist.tinno.debug 1" enables adb root
3. "fastboot oem unlock-tinno" unlocks the bootloader without wiping the device 8/
These 3 flaws combined allow an attacker with physical access to steal your data even if your device is password protected.
Let's be super clear: these flaws were created and left by Tinno. This shows that Tinno doesn't care about security. 9/
So, next time you are buying a cheap phone like this one, don't be fooled. You are intentionally putting all your data (SMS, photos, videos, ...) in a device with 0 security.
It's like buying a new house without a door... 10/10
cc @AndroidAuth @AndroidPolice @androidcentral @androidandme @Androidheadline @AndroidPolice @xdadevelopers @AndroidSPIN @TheHackersNews @verge @CNET @VICE @WIRED @JAMESWT_MHT @malwrhunterteam @hackerfantastic @LukasStefanko @twandroid @ANDROIDPIT @FigaroTech @virqdroid @LEXPRESS
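The script below is an added example written for this page; it is not part of the thread and not Wiko's or Tinno's software. It lets a practitioner check a USB-connected phone for the conditions the thread describes without modifying it: it reads the `persist.tinno.debug` property and the uid of the adb shell (scenario 3), and parses `adb devices` output so the charging-screen check (scenario 2) can be repeated by hand with the phone powered off on the charger. It deliberately never issues `fastboot oem unlock-tinno`, because that would unlock the bootloader of the device being audited. The property name and the fastboot command come from the thread; the helper function names, the `--device` flag and the sample outputs are assumptions constructed for the example.

```shell
#!/bin/sh
# audit_tinno.sh - added example, not from the thread. Read-only checks for the
# issues reported on the Wiko Freddy (Tinno). Needs adb on PATH only when run
# with --device; the helper functions work on captured text so they can be
# exercised offline.

# tinno_debug_status VALUE -> prints "enabled" (value is 1, the setting the
# thread says turns on adb root), "unset" (empty) or "other" (any other value).
# CR/LF from "adb shell getprop" output is stripped first.
tinno_debug_status() {
  case "$(printf '%s' "$1" | tr -d '[:space:]')" in
    1)  echo enabled ;;
    "") echo unset ;;
    *)  echo other ;;
  esac
}

# uid_from_id "uid=0(root) gid=0(root) ..." -> prints the numeric uid
uid_from_id() {
  printf '%s\n' "$1" | sed -n 's/^uid=\([0-9][0-9]*\).*/\1/p'
}

# shell_is_root ID_OUTPUT -> exit 0 when the adb shell already runs as uid 0
# (a locked-down phone should answer uid=2000(shell) here).
shell_is_root() {
  [ "$(uid_from_id "$1")" = "0" ]
}

# adb_reachable "adb devices" OUTPUT -> exit 0 when at least one device is
# listed in a usable state. Scenario 2 in the thread is that this succeeds
# while the phone is powered off and showing the charging screen.
adb_reachable() {
  printf '%s\n' "$1" | awk '
    NR > 1 && ($2 == "device" || $2 == "recovery") { found = 1 }
    END { exit !found }'
}

# audit_device: live, read-only audit of the connected phone (hypothetical
# wrapper; run it twice, once booted and once powered off on the charger).
audit_device() {
  devs=$(adb devices 2>/dev/null)
  if adb_reachable "$devs"; then
    echo "[!] adb is reachable in the current power state"
  else
    echo "[ ] no device reachable over adb"
    return 0
  fi

  prop=$(adb shell getprop persist.tinno.debug 2>/dev/null | tr -d '\r')
  echo "[*] persist.tinno.debug: $(tinno_debug_status "$prop")"

  idout=$(adb shell id 2>/dev/null | tr -d '\r')
  if shell_is_root "$idout"; then
    echo "[!] adb shell already runs as root: $idout"
  else
    echo "[ ] adb shell uid: $(uid_from_id "$idout")"
  fi
  # Intentionally NOT run: "fastboot oem unlock-tinno" unlocks the bootloader.
}

if [ "${1:-}" = "--device" ]; then
  audit_device
fi
```

Run `sh audit_tinno.sh --device` with the phone booted, then again after powering it off and plugging it in at the charging screen; any `[!]` line reproduces a condition from the thread. The script never sets `persist.tinno.debug` itself, so a clean result on an unmodified phone only shows that the property is not currently set, not that the backdoor is absent.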
