Profile picture
Elliot Alderson @fs0c131y
, 11 tweets, 8 min read Read on Twitter
<Thread> Hi @WikoMobile 👋! Let's talk about the Wiko Freddy phone.
This phone was released October 2016 and is now selling for 99.99€.
Because of the @WikoMobile and Tinno negligence, I'll show you how your data can be stolen even if your phone is protected by a lock screen. 1/
With the help of 3 critical vulnerabilities left by Tinno. If an attacker manages to get a physical access to your device, he has multiple ways to get your data.
Let's assume as a hypothesis that the device is protected by a PIN code and the developer options are disabled 2/
1st scenario:
1. Reboot in bootloader mode
2. fastboot oem unlock-tinno
Thanks to this backdoor aka "forgotten" fastboot command, you can unlock the bootloader without wiping your data 🤦‍♂️ 3/
As the phone bootloader is unlocked when a thief gets their hands on it, they can boot a custom recovery environment.
From the recovery mode, they could use the adb command to access all the data on your device. This bypasses any PIN or password used to secure your device. 4/
2nd scenario:
1. Shutdown phone
2. Plug to computer
3. Wait charger screen
adb is enabled in charging mode 🤦‍♂️‍ 5/
In this 3rd scenario, let's assume as a hypothesis that the device is not protected.
1. Boot your device
2. "adb shell setprop persist.tinno.debug 1" 6/
This persist.tinno.debug system property is a backdoor which allow you to have a root shell 🤦‍♂️
As a consequence, you can easily root your device (with bootloader locked). An attacker can also pull the content of sdcard to his computer (SMS, photos, videos,...). 7/
As a summary, I found 3 critical vulnerabilities in the Freddy phone:
1. adb is enabled in charging mode
2. "setprop persist.tinno.debug 1" is enabling adb root
3. "fastboot oem unlock-tinno" is unlocking the bootloader without wiping the device 8/
These 3 flaws combined allow an attacker with a physical access to steal your data even if your device is password protected.
Let's be super clear, these flaws had been created and left by Tinno. This shows that Tinno doesn't care about security. 9/
So, next time you are buying a cheap phone like this one don't be fooled. You are putting intentionally all your data (SMS, photos, videos,...) in a device with 0 security.
It's like buying a new house without a door... 10/10
cc @AndroidAuth @AndroidPolice @androidcentral @androidandme @Androidheadline @AndroidPolice @xdadevelopers @AndroidSPIN @TheHackersNews @verge @CNET @VICE @WIRED @JAMESWT_MHT @malwrhunterteam @hackerfantastic @LukasStefanko @twandroid @ANDROIDPIT @FigaroTech @virqdroid @LEXPRESS
Missing some Tweet in this thread?
You can try to force a refresh.

Like this thread? Get email updates or save it to PDF!

Subscribe to Elliot Alderson
Profile picture

Get real-time email alerts when new unrolls are available from this author!

This content may be removed anytime!

Twitter may remove this content at anytime, convert it as a PDF, save and print for later use!

Try unrolling a thread yourself!

how to unroll video

1) Follow Thread Reader App on Twitter so you can easily mention us!

2) Go to a Twitter thread (series of Tweets by the same owner) and mention us with a keyword "unroll" @threadreaderapp unroll

You can practice here first or read more on our help page!

More from @fs0c131y see all

Profile picture
In 1981, the Primrose fails on a beach of the North Sentinel Island, pushed by a typhoon. You can still see the wreckage on Google Map, in a creek, in the northwest. The crew was saved only by a helicopter operated by the Indian Navy.
Exact coordinates on Google Maps. Open the link, this Island is wonderful! google.com/maps/place/Nor…
Awesome article in French about the North Sentinel Island from @lemondefr lemonde.fr/international/…
Read 3 tweets
Profile picture
I have a @Frida question: How to deal with a HashMap? I'm intercepting a Java method, "this" has a Hashmap in his attributes. I want to print the content of this HashMap cc @oleavr @enovella_
cc @NowSecureMobile 👋
cc @fridadotre
Read 3 tweets
Profile picture
.@Paytm, the most used banking app in #India, just sent a dummy notification to his users in the middle of the night. Imagine the reaction of the guy (hacker?) when he realised that he just sent a notification to millions of people
Paytm published a tweet regarding this notification
Read 3 tweets

Related threads

Profile picture
I very much appreciate this question from Max.

I agree on his take re how the lawyering of written responses would presumably reduce Trump's exposure to perjury charges.

But here are ways in which I think it still spells trouble for Trump.... <thread>...
1. Even a reduction in exposure does not mean it reduces it enough.

President Trump may also now be pinned, so that if Mueller (or a future prosecutor of a then-former president Trump) gets to interview Trump as follow-up under subpoena, the risks to DJT will be much higher.
2. Trump lawyers may have overly trusted their client's word (as happened with Ty Cobb). And maybe we should believe Trump's bombast that he played oversized role in directing written responses

Here's what I mean about Cobb and his strategy to have Trump cooperate with Mueller…
Read 5 tweets
Profile picture
UPDATE: Lawyers for Good Government

♦️Project Corazon♦️

More reports from Dilley, Texas

Courtesy of L4GG member Pam Woldow and her husband Doug Richardson

Please support Protect Corazon by texting CORAZON to 91999

lawyersforgoodgovernment.org/project-corazo…

<Thread>
We first thought Dilley isn’t inherently evil-just a large, emotionless machine running on bureaucratic inertia. Now we learn that for some, that’s not true. For them, Dilley is a torture chamber, built to cause the most extraordinary pain and exert devastating control over women
We have yet to see a single drug dealer, gang member or vandal bent on a life of crime in the US. That’s what they’ve risked their lives to escape, not what they intended to bring to America. And yet we expend enormous resources to keep these victims from victimizing us.
Read 11 tweets
Profile picture
<THREAD>

There's been some talk of "primarying out" Democrats who voted for the CR. We've all heard of the Tea Party, but does anyone know who founded it?

I do. His name is Damon Eris./1
Damon championed third-party politics and urged us to "Dump the Duopoly." We used to comment on each others blogs. Even though we disagreed, Damon would promote liberals as well as conservatives, as long as they weren't Democrats of Republicans./2

politeaparty.blogspot.com
I remember when the the Kochs co-opted the Tea Party, effectively deposing him leader. Damon was devastated. There's a difference between being politically conservative & being a racist. Damon was the former, and was deeply troubled by the vulgar conservatives who usurped him./3
Read 11 tweets
Profile picture
<THREAD> This is a season of peace, but we need to pause for a minute to talk about war. The greatest security threat in the coming year is the prospect of a massive war on the Korean Peninsula—& Trump's dangerous gambit toward North Korea makes that outcome much more likely. 1/
North Korea has had nukes since the mid-2000s. During the 2016 campaign, when the North’s capability only seemed to threaten our regional allies South Korea and Japan, Trump was relatively sanguine. 2/
In fact, candidate Trump even suggested that Seoul & Tokyo should fend for themselves and consider getting their own nukes to counter the threat from North Korea rather than turning to America for help. nytimes.com/2016/03/27/us/… 3/
Read 37 tweets
Profile picture
<Thread> Some thoughts on Pakistan in President Trump's National Security Strategy:

- The updated US #NSS is same old: pressure Pakistan, carrots & sticks, etc. This has stopped working for a long time and it won't start working now.
- America has failed in Afghanistan to achieve its official objectives (forget about unofficial objectives for now). US now must blame Pakistan to save face. People are asking: how did ISKP + dozens of other groups pop up in AFG right under nose of US & NATO? #NSS
- Pakistan will likely stay committed to its current position regardless of how much pressure is applied by US, which let's face it, won't be much since Pakistan still holds important cards in Afghanistan. There's no way more pressure will change anything.
Read 10 tweets
Profile picture
<THREAD> I'm now hearing this meme that governments around the world have defeated communism.

Guys. It's time for some Marxist theory
A spectre is haunting Europe--the spectre of Communism. All the Powers of old Europe have entered into a holy alliance to 1/590
exorcise this spectre: Pope and Czar, Metternich and Guizot, French Radicals and German police-spies. Where is the party 2/590
Read 592 tweets

Trending hashtags

#WePayYOU #LawyersResist #MaximeNicolle #OKLMZERETURN #Resistance #GeeksResist #VoteBlue #ThanksTrump #MendocinoComplex #BlueWave #Protip #ZinkeIsTheWorst #Grassleymemo #démission #MentalHealth #RIC #BlizzardOfUS #MemorialDayWeekend #TakeItBack #OKLM #DonnieTwoScoops #RefusePolarization #BlizzardInLA #Safaitic #HimToo

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just three indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member and get exclusive features!

Premium member ($3.00/month or $30.00/year)

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!