×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Motorola Releases an Official Bootloader Unlocker

Soulskill posted about a year and a half ago | from the uncommonly-helpful dept.

Android 123

New submitter Nertskull writes "Motorola has released a tool to allow anyone to unlock the bootloader on their phone/tablet. The only supported device so far is the Photon Q 4G LTE, though three other devices are supported through their developer unlock program. Support for unlocking other devices is supposedly on its way." Motorola leads into the unlocking process with this amusing tidbit: "WARNING: Motorola strongly recommends against unlocking the bootloader and/or modifying or altering a device's software or operating system. Doing so can have unintended, unforeseen, and dangerous consequences, such as rendering the device unusable, violating applicable laws, or causing property damage and/or bodily injury, including death." Careful, folks; unlocking that bootloader might kill you.

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered

123 comments

Wow (0)

Anonymous Coward | about a year and a half ago | (#41036101)

I see how you might overheat your phone cpu or battery, but I thought all that ever came from that was a burned crotch! Apple... >_>

Re:Wow (5, Insightful)

Anrego (830717) | about a year and a half ago | (#41036327)

Adding a few words to a disclaimer and accepting a little mockery is a hell of a lot cheaper than the lawsuit when someone, somehow manages to kill themselves with a software change...

Re:Wow (1)

Anonymous Coward | about a year and a half ago | (#41036399)

Indeed. Someone could sue saying, my relative unlocked the bootloader, which broke the brand new phone, giving him or her a heart attack, and there was no way to call 911.

Re:Wow (5, Interesting)

Anonymous Coward | about a year and a half ago | (#41036545)

actually this is real possibility, because of pressure for battery capacity and size manufacturers of most smartphones have to use some very unstable materials for battery ones that DID have exploding problems before.

in order to stop batteries from overheating or exploding there are pretty sophisticated chips /controllers built-in controlling their allowed charge rate/charge current/allowed discharge percentage/discharge speed, if by unlocking boot-loader you are able to access/reprogram battery controller you could because of software error cause battery to overheat or explode so this disclaimer is more than valid as in
"we put some mechanisms to protect you in this phone, should you remove it and hurt yourself somehow its your fault we are not paying a million bucks for damages to you or your family"

Re:Wow (3, Funny)

flex941 (521675) | about a year ago | (#41037343)

Why so complicated and technical?

Unlocking the bootloader can cause death, because the one doing the unlocking probably proceeds by rooting his device and putting god knows what on the device.

Next thing you know, the guy is on the road exploiting the GPS functionality of said and unlocked/rooted device. But the GPS is now a bit flaky (just buggy software or intentionally misleading)
and instead directing the guy to the real highway gives him a parallel side-road but displaying to correct one. The guy - feeling really good about everything and listening to the pathetic music
coming off the car-radio - does not notice a thing.

Next thing you know some guerilla guys stop his car, help him get rid of his earthly possessions and one the way to the heavenly roads. Nice and quick.

So, unlocking your bootloader can kill you. And no explosion in your face needed for that to happen.

Re:Wow (0)

Anonymous Coward | about a year ago | (#41038363)

And they say TV doesn't influence us. 1 point for Hollywood.

Re:Wow (1)

flex941 (521675) | about a year ago | (#41039533)

I actually got a good giggle out of your comment. In addition to those I had during writing my previous one.

Thank you.

Re:Wow (3)

Miamicanes (730264) | about a year ago | (#41037551)

The problem with that argument is that one might legitimately argue that if there's a safety issue that's mitigated through software, the need for modified firmware to do the same needs to be communicated. 99.9% of damage and hard-bricking is caused by either booby traps left by the manufacturer to trap the unwary, or important details like "always monitor the battery temperature, and back off if it exceeds N degrtees Celsuis" that aren't disclosed.

I'm happy to see that Moto is finally starting to become non-Evil under the ownership of Google. I'm disappointed as hell by the fact that the Photon Q was totally gimped by Sprint and/or Motorola. This would be a great phone if it were in a blister pack at Wal Mart being sold for use with some value-priced prepay network. It's not, however, a top-tier best of breed flagship Android phone:

* 540x960 qHD. WTF?!? 540x960? And not even OLED? The Q's display is a decisive step down from the Photon 4G. Note to Sprint & Moto: the next generation of any phone is supposed to AT LEAST as good as what it replaced, especially now that we're going to be stuck with the damn phone for almost two painfully long years thanks to last year's abolition of 12-month upgrades.

* tiny battery that can't even be swapped when it dies halfway through Friday night. If they'd put a huge battery inside like the one in the Razr Max, it might have been tolerable. But 1785mAH? You can't be fucking serious. I'd literally burn through that in 3 hours.

* Half the flash of its predecessor. WTF. Read the note above about how successor phones are supposed to be a step up, not down.

* Nonremovable SIM. Yay, it can roam on GSM in other countries... except at $2.50/minute, nobody is going to actually DO it knowingly and voluntarily once they find out how badly Sprint is going to rape them for doing it. Overall, this is just kind of like Sprint turning around and giving us a final kick in the balls, just for good measure.

It's been years since I've actually left the US, but the sealed-SIM anti-feature ALONE is enough to make me want to leave Sprint, because it demonstrates total and complete contempt towards us. I mean, really... once you factor in the administrative cost of roaming, and fighting with livid customers who just got a bill for $900 in roaming charges after spending 3 days in Montreal, how much extra is Sprint *really* going to make compared to what they would have not made by just giving it a normal SIM slot and charging a $35-50 one-time admin fee to unlock the SIM lock during the first year of a contract? Sprint could even offer an olive branch to deflect criticism and waive the fee if the customer puts down a $400 deposit that gets returned after the contract's 12th month (knowing that 99.9% of customers would just say 'fuck it' and pay the $35-50).

It's a shame, because I love Motorola's build quality and superior radios. But the harsh fact is, I'm going to be stuck with my next phone for 20 long, painful months now that Sprint has taken away our annual upgrades, so my next phone has to be damn near flawless & one I'm sure I'll be able to live with. The Photon Q is not that phone. I can only pray to the flying spaghetti monster that 18 months from now, Sprint + Moto will be unleashing an unlocked Nexus device with specs to die for.

Re:Wow (2)

ErikPeterson (912282) | about a year and a half ago | (#41036417)

A disclaimer like this also gives a good deal of publicity to the announcement, almost begging an article like this to be posted.

Re:Wow (5, Funny)

TheGratefulNet (143330) | about a year and a half ago | (#41036419)

yup, last time I saw someone do an 'rm -rf' he lost one of his fingers. and once, a friend of a friend tried running fdisk and to this day, he still can't talk right.

it can happen, folks! believe it.

Re:Wow (3, Funny)

Anonymous Coward | about a year ago | (#41036679)

Yeah, the Yakuza take system administration very seriously.

Re:Wow (1)

flonker (526111) | about a year ago | (#41037409)

You've never seen fsck on a mounted file system, have you? Blood everywhere, Even on the ceiling. However, they never did find the bodies.

Re:Wow (-1)

Anonymous Coward | about a year ago | (#41038413)

I mounted and fucked a girl on the rag once. Never again. From now on, I'll take a blowjob or just jack off.

Re:Wow (-1)

Anonymous Coward | about a year ago | (#41038753)

I mounted and fucked

No need to self-censor. We're all adults here, you can say the fs-word.

Re:Wow (3, Informative)

Mousit (646085) | about a year ago | (#41037919)

This disclaimer is not nearly as silly or crazy as one might think. CyanogenMod, for example, has well-documented problems with E911 functionality on various phone models. In fact they completely dropped support for the T-Mobile Samsung Vibrant because dialing 911 didn't work! [theunlockr.com]

I don't know about you, but I can sure see the inability to call 911 to be a "dangerous consequence" that could absolutely lead to "property damage and/or bodily injury, including death" even if it's not the phone itself that's literally the thing killing you.

Re:Wow (1)

VortexCortex (1117377) | about a year ago | (#41037829)

I see how you might overheat your phone cpu or battery, but I thought all that ever came from that was a burned crotch! Apple... >_>

Depends on what you do with the phone after it's been unlocked -- Personally, I'm glad they're not hiding it anymore, at least we know the risks: Run afoul of any powerful organisations today and you get disappeared.

Re:Wow (1)

Cute Fuzzy Bunny (2234232) | about a year ago | (#41038081)

The answer is much simpler than some silly battery problem. Samuel L. Jackson is not a fan of unlocked bootloaders. In fact, he's mother@%$#ing tired of these ^%@#$ing unlocked bootloaders, and he's going to open up a very, very large cap of whupass on everyone who installs one.

So...pretty comprehensive disclaimer. I used to stick a half page one at the end of most of my work, talking about incorrect line voltages and pirates.

Actually... (1, Insightful)

Anonymous Coward | about a year and a half ago | (#41036125)

Unlocking your bootloader *can* kill you. Mind you, it also requires that after unlocking, you also root your device and send the CPU into overdrive, causing the Li-Ion battery to melt/explode. So it's not a proximate cause, but the potential is still there.

Re:Actually... (3, Informative)

arielCo (995647) | about a year and a half ago | (#41036503)

I don't know how this gets rated Insightful and not Troll/Funny, but here goes:
  1. Unlocking the bootloader is not the same, does not require, or is a prerequisite for rooting a device. Just as in a PC, the bootloader controls what kernel gets loaded, mostly by checking a signature. Some bootloaders even allow dual booting.
  2. Unlocking the bootloader has nothing to do with overclocking ("CPU into overdrive")
  3. Overclocking, badly done, will mostly drain your battery very fast. The phone itself will overheat, possibly shortening the lifetime of the battery, but hardly anywhere near enough to make it burst/combust.

You're welcome to provide well-researched counterexamples.

Re:Actually... (1)

Anonymous Coward | about a year and a half ago | (#41036563)

Unlocking the bootloader IS a prerequisite for rooting most devices, and is absolutely the preferred method. The only way around this is to use some sort of hack method.

Absolutely true on the overclocking part, but it's something of a chain: to overclock you need to root, and to root you need to unlock the bootloader (usually, see above).

Re:Actually... (0)

Anonymous Coward | about a year ago | (#41036737)

Writing failure, meet reading failure.

I read it as "... *can* kill. Mind you, it also requires ...", you read that as "Unlocking bootloader ... Mind you it also requires ..."

Re:Actually... (1)

arielCo (995647) | about a year ago | (#41037171)

You're right; that would strike down the first observation. The main point stands: given that unlocking the BL does not imply overclocking and even that isn't that dangerous, the whole post is somewhat like "Going to Walmart can kill you. Ok, you have to go to the sports aisle and shoot yourself with a BB gun in the right spot". Back on topic, there are many reasons to unlock the BL (and rooting) other than squeezing MHz: some stock kernels lack features like advanced routing (for VPNs) and swap space. I for one was eager to see the latter in my aged Milestone (aka Droid).

Re:Actually... (0)

Anonymous Coward | about a year ago | (#41037527)

Unlocking the bootloader is not the same, does not require, or is a prerequisite for rooting a device.

Yes, it is.

Just as in a PC, the bootloader controls what kernel gets loaded, mostly by checking a signature. Some bootloaders even allow dual booting.

This is not a PC, it is an Android mobile phone.

Unlocking the bootloader has nothing to do with overclocking ("CPU into overdrive")

Yes, it does. You cannot overclock the CPU unless the device is rooted and in order to root the device, the bootloader must be unlocked.

Overclocking, badly done, will mostly drain your battery very fast. The phone itself will overheat, possibly shortening the lifetime of the battery, but hardly anywhere near enough to make it burst/combust.

That totally depends on the brand, model and capacity of the battery.

In short, you don't know what you are talking about.

Re:Actually... (0)

Anonymous Coward | about a year ago | (#41037643)

a) Unlocked bootloader is sufficient, but not neccessary for rooting. It's easiest way, but as "rooting" is basically "installing user accessible sudo", it can be achieved by other means, like security exploits.

b) Android mobile phone is a general purpose computer with Android OS installed. With unlocked boot loader you can install a different OS (given it has drivers needed for your device) and it will cease to be "an Android mobile phone". My Android smartbook, for example, is currently running ARM Ubuntu.

c) see (a)

d) Might be. But batteries nowadays have controllers preventing them from charging/discharging too fast and they aren't generally accesible for tweaking.

Right Step! Right Guys? (3, Interesting)

maweki (999634) | about a year and a half ago | (#41036139)

We've seen companies opening up in the past and often they started closing down again after time. Let us hope they stay open and even more, let us hope it works for them from a business perspective, so that other companies may follow.
As long as the guys in the suits think they make more money by closing down, we still have a problem.

Re:Right Step! Right Guys? (1)

bigjocker (113512) | about a year and a half ago | (#41036433)

Posting to undo wrong mod :( sorry

Re:Right Step! Right Guys? (1)

TwineLogic (1679802) | about a year ago | (#41037471)

Augh! That's how to undo a wrong mod. Thanks for the example.

Re:Right Step! Right Guys? (1)

Decker-Mage (782424) | about a year ago | (#41038795)

Yes, that was a useful example. Especially since I'm seeing mod points every other day. Sheesh!

Re:Right Step! Right Guys? (1)

chmod a+x mojo (965286) | about a year ago | (#41040819)

Every other day? I used the last batch up this morning before I went out for coffee with a friend. Came back to 5 more this after noon already... in the last 2-3 weeks or so I have gotten mod point almost as fast as i use them up.

Re:Right Step! Right Guys? (0)

Anonymous Coward | about a year ago | (#41036843)

Not only did Sony start the whole official support for unlocked bootloaders, they have been so good at contributing back to Android that they're now getting official AOSP support.

http://unlockbootloader.sonymobile.com/ [sonymobile.com]

"I've added a git project for the Sony LT26, i.e. Xperia S. This seems like a good target: it's a powerful current GSM device, with an unlockable bootloader, from a manufacturer that has always been very friendly to AOSP" - JBQ

https://groups.google.com/forum/m/?fromgroups#!msg/android-building/zji_sQGN9Oo/MoaS0xidmRMJ [google.com]

It seems to work out just fine.

Re:Right Step! Right Guys? (0)

Anonymous Coward | about a year ago | (#41037493)

Samsung does it better by not locking the bootloader in the first place.

There may be legal issues, too. (4, Informative)

Ungrounded Lightning (62228) | about a year ago | (#41037701)

As I read their entry in wikipedia [wikipedia.org]:

- There was pressure from the Android community.
-- Motorola promised an unlocking tool "by the second half of 2011".
- When it didn't appear, complaints were mad to the FCC about violation of a Part C rule that appears to REQUIRE a way for ordinary users to unlock the bootloader and load anything they want.

So this may be Motorola's response, 14 1/2 months late.

I wouldn't be surprised if Motorola held off, or limited the models unlocked, to avoid violating contract provisions with carriers that resell their phones with their service plans at greatly discounted prices.

Re:There may be legal issues, too. (1)

Anonymous Coward | about a year ago | (#41038141)

I think it might be that Google purchase thing. I wouldn't be surprised if all new phones were factory unlocked from now on, but who knows?

Hmmmm (0)

Anonymous Coward | about a year and a half ago | (#41036147)

WARNING: Motorola strongly recommends against unlocking the bootloader and/or modifying or altering a device's software or operating system. Doing so can have unintended, unforeseen, and dangerous consequences, such as rendering the device unusable, violating applicable laws, or causing property damage and/or bodily injury, including death.

It almost sounds as though they're not entirely enthusiastic about the idea.

--
I don't usually reply to gweihir (88907) either. So there.

Re:Hmmmm (0)

Anonymous Coward | about a year and a half ago | (#41036189)

And yet they still went ahead and did it, which is a hell of a lot more than any of their rivals have done. So what's your point?

Re:Hmmmm (0)

Anonymous Coward | about a year ago | (#41036639)

You probably mean "than many of their rivals", because there's a plenty of unlocked/unlockable Android devices out there.

Even Sony, not really known for their for openness, have released boot unlocker for Xperias.

Now for iOS? (1, Offtopic)

bhagwad (1426855) | about a year and a half ago | (#41036153)

When is Apple following suit?

Re:Now for iOS? (0, Insightful)

Anonymous Coward | about a year and a half ago | (#41036177)

when they start to become irrelevant.

Re:Now for iOS? (4, Informative)

oakgrove (845019) | about a year and a half ago | (#41036237)

The RAZR MAXX is actually a really nice popular phone with phenomenal battery life. I'd hardly call it's manufacturer irrelevant. Not only that but Motorola is owned by the developer of Android the smartphone OS with by far the largest install base. I'm not sure what you're mad about but your post comes off as sour grapes sounding.

Re:Now for iOS? (1)

ToastedRhino (2015614) | about a year ago | (#41037063)

I think their practically non-existent smartphone market share and negative profit share makes them pretty irrelevant at the moment. As you pointed out, however, they're part of Google now so all of that may change in the future. They're gonna have to figure out what to do about Samsung, seemingly the only truly relevant Android OEM at the moment, first though.

Re:Now for iOS? (1)

oakgrove (845019) | about a year ago | (#41037179)

There's more to relevance than market share and Motorola has the fourth largest at 12 percent anyway which Is about half of what Samsung enjoys so again, I'm perceiving some sour grapes in the comments here.

Re:Now for iOS? (0)

Anonymous Coward | about a year ago | (#41037289)

It isn't popular. Have you ever seen one? I haven' seen one yet. I refuse to buy Motorola anymore. They have an anti modding attitude. They phones aren't well supported in the developer community. The vast majority of android phones that I see these days are Samsung. Samsung won. Samsung has twice the market share of Apple. Google bought Motorola for the patents to protect Android phones in general. I'm not gonna list all the other reasons Motorola are behind or globally irrelevant. Google might fix Motorola. I will consider a Motorola phone when they make a good phone that I want, for the network that I want, with support and attitude that I want.

Re:Now for iOS? (1)

oakgrove (845019) | about a year ago | (#41037623)

Have you ever seen one?

It wouldn't matter if I've seen 500 of them or if I've seen not a single one. That's pure anecdote and proves nothing. The fact that it is believed by some to have outsold the iPhone [bgr.com] is a much stronger testament to its popularity and relevance. Also note it's current number one status on Amazon [amazon.com] which is a huge smartphone sales channel.

Re:Now for iOS? (1)

Bill, Shooter of Bul (629286) | about a year ago | (#41038387)

The problem with moto, is that its been joined at the hip with version for most of Android's existence. So while the razor maxx is nice, the Atrix HD on att sucks eggs in comparison with the maxx's battery life. The Atrix I was great, Atrix II was a minor update and not a top rate phone. They need to take a hint from Samsung and actually release the same phone on all carriers at the same time. Make them fast, give them good screens, and make them hackable. Its not that hard.

Re:Now for iOS? (3, Interesting)

Kurrel (1213064) | about a year and a half ago | (#41036203)

Customization doesn't seem to be a terribly high priority for Apple software. Besides which, the unlocked bootloader allows one to easily violate the FCC terms, one of which forbids changing the "intended method of using the product (e.g., how the product is held or used in proximity to the body). A change to any of these factors will invalidate the FCC grant." So perhaps CM7 enabling a 270 degree screen rotation (upside-down landscape) is a gross federal violation.

Re:Now for iOS? (1)

Anonymous Coward | about a year and a half ago | (#41036317)

So perhaps CM7 enabling a 270 degree screen rotation (upside-down landscape) is a gross federal violation.

Doubtful. Anyone could already hold the phone upside down against their ear if they choose to do so.

Re:Now for iOS? (0)

Anonymous Coward | about a year ago | (#41038123)

Let's not forget the fact that the FCC didn't revoke the iPhone 4's certification, even after its purchasers were officially instructed to "hold different"

Re:Now for iOS? (2)

Nerdfest (867930) | about a year and a half ago | (#41036489)

Customization will be popular with iOS users when they are allowed to do it.

Re:Now for iOS? (0)

Anonymous Coward | about a year ago | (#41037333)

No it won't. People who like to customize wouldn't have bought an iOS device to begin with. Apple users clearly don't like choices. If they valued choices, they wouldn't buy Apple products.

Re:Now for iOS? (3, Funny)

Miamicanes (730264) | about a year ago | (#41037981)

> When is Apple following suit?

You didn't get the memo? iPhone 5w. "w", as in "Woz Edition".

Rumored features include

  * Zigbee wireless mesh networking

  * multiplexed pins on the headphone jack that can be repurposed for I2C, SPI, or GPIO (not at the same time, obviously). Oh, and legacy UART (3.3v logic) that also supports Atmel-friendly baudrates (125kbit, 250kbit, 1mbit), 9-bit word length (9/N/1, to be exact), and can use pin #3 for GPIO, RTS, CTS, or synchronous clocking in or out.

  * fixed 4800mAH lithium cell

  * gamepad wings that slide out from the underside (to the left and right when held in landscape orientation). One side has an analog stick & digital stick, the other side has an analog stick & 4 buttons.

* Volume button pair that also serves as the "left trigger button" in "gamepad" orientation, and 2-stage camera button that serves as the "right trigger button" in gamepad orientation. All of which can be intercepted, redefined, and repurposed by end users as they see fit.

The iPhone 5w's flagship applications will be a logic analyzer/DSO, which demonstrates the use of the bundled iProbe (4 clip-on leads, terminating at a 1/8" TRRRS headphone jack). Additional accessories will allow connectivity to most car ECUs, CANbus, and JTAG.

Oh, and the phone will also include a fully-unlocked bootloader. Of course, not even Woz will likely be able to get the Powers that Be at Apple to release the source to their crown jewel, but it won't matter. People will buy one, and reflash it to Android. Even Larry & Sergey will be spotted in public with it (running Android, of course).

Crazy (0)

Anonymous Coward | about a year and a half ago | (#41036161)

It is crazy how they say their phones have a "fully optimized" version of Android. Yes, with CityID and Blur running. Optimized my ass. With (on some phones) over 20 apps installed by Moto and Verizon that you can't remove and don't want. (reference: http://gildude.blogspot.com/2011/08/call-to-action-for-verizon-and-motorola.html [blogspot.com]) When you get updates for those installed apps - so that it not only has the old copy that came with the ROM, but now has another copy in the update. (reference: http://gildude.blogspot.com/2012/04/apparently-its-bloat-week-for-verizon.html [blogspot.com]). Optimized? Not even close. There is a reason that those of us that like to tinker with our devices want to unlock them and put on something better. We also want updates. Not phones frozen at an old "optimized" version. Idiots.

Mark of The Beast: Injectable Code For DNA? (-1)

Anonymous Coward | about a year and a half ago | (#41036181)

Nobody Seems To Notice and Nobody Seems To Care - Government & Stealth Malware

In Response To Slashdot Article: Former Pentagon Analyst: China Has Backdoors To 80% of Telecoms 87

How many rootkits does the US[2] use officially or unofficially?

How much of the free but proprietary software in the US spies on you?

Which software would that be?

Visit any of the top freeware sites in the US, count the number of thousands or millions of downloads of free but proprietary software, much of it works, again on a proprietary Operating System, with files stored or in transit.

How many free but proprietary programs have you downloaded and scanned entire hard drives, flash drives, and other media? Do you realize you are giving these types of proprietary programs complete access to all of your computer's files on the basis of faith alone?

If you are an atheist, the comparison is that you believe in code you cannot see to detect and contain malware on the basis of faith! So you do believe in something invisible to you, don't you?

I'm now going to touch on a subject most anti-malware, commercial or free, developers will DELETE on most of their forums or mailing lists:

APT malware infecting and remaining in BIOS, on PCI and AGP devices, in firmware, your router (many routers are forced to place backdoors in their firmware for their government) your NIC, and many other devices.

Where are the commercial or free anti-malware organizations and individual's products which hash and compare in the cloud and scan for malware for these vectors? If you post on mailing lists or forums of most anti-malware organizations about this threat, one of the following actions will apply: your post will be deleted and/or moved to a hard to find or 'deleted/junk posts' forum section, someone or a team of individuals will mock you in various forms 'tin foil hat', 'conspiracy nut', and my favorite, 'where is the proof of these infections?' One only needs to search Google for these threats and they will open your malware world view to a much larger arena of malware on devices not scanned/supported by the scanners from these freeware sites. This point assumed you're using the proprietary Microsoft Windows OS. Now, let's move on to Linux.

The rootkit scanners for Linux are few and poor. If you're lucky, you'll know how to use chkrootkit (but you can use strings and other tools for analysis) and show the strings of binaries on your installation, but the results are dependent on your capability of deciphering the output and performing further analysis with various tools or in an environment such as Remnux Linux. None of these free scanners scan the earlier mentioned areas of your PC, either! Nor do they detect many of the hundreds of trojans and rootkits easily available on popular websites and the dark/deep web.

Compromised defenders of Linux will look down their nose at you (unless they are into reverse engineering malware/bad binaries, Google for this and Linux and begin a valuable education!) and respond with a similar tone, if they don't call you a noob or point to verifying/downloading packages in a signed repo/original/secure source or checking hashes, they will jump to conspiracy type labels, ignore you, lock and/or shuffle the thread, or otherwise lead you astray from learning how to examine bad binaries. The world of Linux is funny in this way, and I've been a part of it for many years. The majority of Linux users, like the Windows users, will go out of their way to lead you and say anything other than pointing you to information readily available on detailed binary file analysis.

Don't let them get you down, the information is plenty and out there, some from some well known publishers of Linux/Unix books. Search, learn, and share the information on detecting and picking through bad binaries. But this still will not touch the void of the APT malware described above which will survive any wipe of r/w media. I'm convinced, on both *nix and Windows, these pieces of APT malware are government in origin. Maybe not from the US, but most of the 'curious' malware I've come across in poisoned binaries, were written by someone with a good knowledge in English, some, I found, functioned similar to the now well known Flame malware. From my experience, either many forum/mailing list mods and malware developers/defenders are 'on the take', compromised themselves, and/or working for a government entity.

Search enough, and you'll arrive at some lone individuals who cry out their system is compromised and nothing in their attempts can shake it of some 'strange infection'. These posts receive the same behavior as I said above, but often they are lone posts which receive no answer at all, AT ALL! While other posts are quickly and kindly replied to and the 'strange infection' posts are left to age and end up in a lost pile of old threads.

If you're persistent, the usual challenge is to, "prove it or STFU" and if the thread is not attacked or locked/shuffled and you're lucky to reference some actual data, they will usually attack or ridicule you and further drive the discussion away from actual proof of APT infections.

The market is ripe for an ambitious company or individual to begin demanding companies and organizations who release firmware and design hardware to release signed and hashed packages and pour this information into the cloud, so everyone's BIOS is checked, all firmware on routers, NICs, and other devices are checked, and malware identified and knowledge reported and shared openly.

But even this will do nothing to stop backdoored firmware (often on commercial routers and other networked devices of real importance for government use - which again opens the possibility of hackers discovering these backdoors) people continue to use instead of refusing to buy hardware with proprietary firmware/software.

Many people will say, "the only safe computer is the one disconnected from any network, wireless, wired, LAN, internet, intranet" but I have seen and you can search yourself for and read about satellite, RF, temperature, TEMPEST (is it illegal in your part of the world to SHIELD your system against some of these APT attacks, especially TEMPEST? And no, it's not simply a CRT issue), power line and many other attacks which can and do strike computers which have no active network connection, some which have never had any network connection. Some individuals have complained they receive APT attacks throughout their disconnected systems and they are ridiculed and labeled as a nutter. The information exists, some people have gone so far as to scream from the rooftops online about it, but they are nutters who must have some serious problems and this technology with our systems could not be possible.

I believe most modern computer hardware is more powerful than many of us imagine, and a lot of these systems swept from above via satellite and other attacks. Some exploits take advantage of packet radio and some of your proprietary hardware. Some exploits piggyback and unless you really know what you're doing, and even then... you won't notice it.

Back to the Windows users, a lot of them will dismiss any strange activity to, "that's just Windows!" and ignore it or format again and again only to see the same APT infected activity continue. Using older versions of sysinternals, I've observed very bizarre behavior on a few non networked systems, a mysterious chat program running which doesn't exist on the system, all communication methods monitored (bluetooth, your hard/software modems, and more), disk mirroring software running[1], scans running on different but specific file types, command line versions of popular Windows freeware installed on the system rather than the use of the graphical component, and more.

[1] In one anonymous post on pastebin, claiming to be from an intel org, it blasted the group Anonymous, with a bunch of threats and information, including that their systems are all mirrored in some remote location anyway.

[2] Or other government, US used in this case due to the article source and speculation vs. China. This is not to defend China, which is one messed up hell hole on several levels and we all need to push for human rights and freedom for China's people. For other, freer countries, however, the concentration camps exist but you wouldn't notice them, they originate from media, mostly your TV, and you don't even know it. As George Carlin railed about "Our Owners", "nobody seems to notice and nobody seems to care".

[3] http://www.stallman.org/ [stallman.org]

Try this yourself on a wide variety of internet forums and mailing lists, push for malware scanners to scan more than files, but firmware/BIOS. See what happens, I can guarantee it won't be pleasant, especially with APT cases.

So scan away, or blissfully ignore it, but we need more people like RMS[3] in the world. Such individuals tend to be eccentric but their words ring true and clear about electronics and freedom.

I believe we're mostly pwned, whether we would like to admit it or not, blind and pwned, yet fiercely holding to misinformation, often due to lack of self discovery and education, and "nobody seems to notice and nobody seems to care".

##

Schneier has covered it before: power line fluctuations (differences on the wire in keys pressed).

There's thermal attacks against cpus and temp, also:

ENF (google it)

A treat (ENF Collector in Java):

sourceforge dot net fwdslash projects fwdslash nfienfcollector

No single antimalware scanner exists which offers the ability to scan (mostly proprietary) firmware on AGP/PCI devices (sound cards, graphics cards, usb novelty devices excluding thumb drives), BIOS/CMOS.

If you boot into ultimate boot cd you can use an archane text interface to dump BIOS/CMOS and examine/checksum.

The real attacks which survive disk formats and wipes target your PCI devices and any firmware which may be altered/overwritten with something special. It is not enough to scan your hard drive(s) and thumb drives, the real dangers with teeth infect your hardware devices.

When is the last time you:

Audited your sound card for malware?
Audited your graphics card for malware?
Audited your network card for malware?

Google for:

* AGP and PCI rootkit(s)
* Network card rootkit(s)
* BIOS/CMOS rootkit(s)

Our modern PC hardware is capable of much more than many can imagine.

Do you:

* Know your router's firmware may easily be replaced on a hacker's whim?
* Shield all cables against leakage and attacks
* Still use an old CRT monitor and beg for TEMPEST attacks?
* Use TEMPEST resistant fonts in all of your applications including your OS?
* Know whether or not your wired keyboard has keypresses encrypted as they pass to your PC from the keyboard?
* Use your PC on the grid and expose yourself to possible keypress attacks?
* Know your network card is VERY exploitable when plugged into the net and attacked by a hard core blackhat or any vicious geek with the know how?
* Search out informative papers on these subjects and educate your friends and family about these attacks?
* Contact antimalware companies and urge them to protect against many or all these attacks?

Do you trust your neighbors? Are they all really stupid when it comes to computing or is there a geek or two without a conscience looking to exploit these areas?

The overlooked threat are the potential civilian rogues stationed around you, especially in large apartment blocks who feed on unsecured wifi to do their dirty work.

With the recent news of Russian spies, whether or not this news was real or a psyop, educate yourself on the present threats which all antimalware scanners fail to protect against and remove any smug mask you may wear, be it Linux or OpenBSD, or the proprietary Windows and Mac OS you feel are properly secured and not vulnerable to any outside attacks because you either don't need an antivirus scanner (all are inept to serious attacks) or use one or several (many being proprietary mystery machines sending data to and from your machine for many reasons, one is to share your information with a group or set database to help aid in threats), the threats often come in mysterious ways.

Maybe the ancients had it right: stone tablets and their own unique language(s) rooted in symbolism.

#

I'm more concerned about new rootkits which target PCI devices, such as the graphics card and the optical drives, also, BIOS. Where are the malware scanners which scan PCI devices and BIOS for mismatches? All firmware, BIOS and on PCI devices should be checksummed and saved to match with others in the cloud, and archived when the computer is first used, backing up signed firmware.

When do you recall seeing signed router firmware upgrades with any type of checksum to check against? Same for PCI devices and optical drives and BIOS.

Some have begun with BIOS security:

http://www.biosbits.org/ [biosbits.org]

Some BIOS has write protection in its configuration, a lot of newer computers don't.

#

"Disconnect your PC from the internet and don't add anything you didn't create yourself. It worked for the NOC list machine in Mission Impossible"

The room/structure was likely heavily shielded, whereas most civvies don't shield their house and computer rooms. There is more than meets the eye to modern hardware.

Google:

subversion hack:
tagmeme(dot)com/subhack/

network card rootkits and trojans
pci rootkits
packet radio
xmit "fm fingerprinting" software
"specific emitter identification"
forums(dot)qrz(dot)com

how many malware scanners scan bios/cmos and pci/agp cards for malware? zero, even the rootkit scanners. have you checksummed/dumped your bios/cmos and firmware for all your pci/agp devices and usb devices, esp vanity usb devices in and outside the realm of common usb devices (thumbdrives, external hdds, printers),

Unless your computer room is shielded properly, the computers may still be attacked and used, I've personally inspected computers with no network connection running mysterious code in the background which task manager for windows and the eqiv for *nix does not find, and this didn't find it all.

Inspect your windows boot partition in *nix with hexdump and look for proxy packages mentioned along with command line burning programs and other oddities. Computers are more vulnerable than most would expect.

You can bet all of the malware scanners today, unless they are developed by some lone indy coder in a remote country, employ whitelisting of certain malware and none of them scan HARDWARE devices apart from the common usb devices.

Your network cards, sound cards, cd/dvd drives, graphics cards, all are capable of carrying malware to survive disk formatting/wiping.

Boot from a Linux live cd and use hexdump to examine your windows (and *nix) boot sectors to potentially discover interesting modifications by an unknown party.

#
eof

causing... injury... including death... (2)

drstevep (2498222) | about a year and a half ago | (#41036191)

Turn Left! Or so the Nav system of my unlocked phone said, even though I was in the middle of the bridge...

Re:causing... injury... including death... (3)

SternisheFan (2529412) | about a year and a half ago | (#41036407)

Turn Left! Or so the Nav system of my unlocked phone said, even though I was in the middle of the bridge...

If anyone turns off the middle of a bridge, or onto railroad tracks, or off a cliff because their nav system told them to, then good! That's what you call natural selection in the modern age of tech.

Re:causing... injury... including death... (1)

Antarius (542615) | about a year and a half ago | (#41036431)

Don't need a phone for that; I've had two Navman Navigators built 8 years apart try that on me in Adelaide. And if you've ever heard of Adelaide water, you know that'd be fatal.

Re:causing... injury... including death... (0)

Anonymous Coward | about a year ago | (#41037451)

That has nothing to do with an unlocked boot loader. All unlocked bootloaders do is make is easier to use custom kernels, no need for kexec. It doeesn't change your kernel, it doesn't change your rom, it doesn't change your nav system. Nav systems don't even care about these things, they don't make different decisions based on that.

My LOCKED nav system did just about that. (1)

Ungrounded Lightning (62228) | about a year ago | (#41037599)

Turn Left! Or so the Nav system of my unlocked phone said, even though I was in the middle of the bridge...

My LOCKED nav system did just about that to me last year.

I was driving east into Hawthorne NV on an old desert road. Coming through the last pass it told me to turn left midway through the last pass.. Taking the turn would have sent me down about a hundred feet of cliff.

It looks like there was once a wagon road there, which had washed out long ago. Of course the USGS still had the track on their maps, the map vendor had included it, and the nav system picked it because it was slightly shorter than going down the hill to the highway into town.

Some of our friends in a Prius were directed onto the 4x4 trail into Bodie. (Fortunately it was midsummer, and they were JUST able to make it - much to the astonishment of a couple of offroaders they encountered along the way.)

Trusting nav systems, especially in rural areas, is a great way to get killed (typically by getting stuck far from cellphone service), unlocked phone or not.

Progress is always welcome (5, Insightful)

oakgrove (845019) | about a year and a half ago | (#41036193)

You know what else would be nice, Motorola? With your unlocking tool, how about updated drivers for the latest version of Android for at least 3 years into the life of each phone. Having an unlocked boot loader is great but actually being able to install Android version++ and having everything work would be even better.

Re:Progress is always welcome (1)

dutchwhizzman (817898) | about a year and a half ago | (#41036285)

Up this guy

Re:Progress is always welcome (2)

spikenerd (642677) | about a year and a half ago | (#41036459)

Motorola: You will use the OS we provide and you will like it.
Slashdot: Motorola is evil!
Motorola: Ok, we will allow you to mess with your own phone if you really want to.
oakgrove: Thanks, but please do all the work for us too, and make it convenient to abandon your business interests by simply pushing a single button!
dutchwhizzman: Yeah, that would be oss!
Motorola: Hmm, nevermind, just use the OS that we provide and like it.
Me: you dorks!

Re:Progress is always welcome (1)

oakgrove (845019) | about a year ago | (#41036667)

oakgrove: Thanks, but please do all the work for us too, and make it convenient to abandon your business interests by simply pushing a single button!

Even with an unlocked bootloader, in order to use an updated version of Android on a device, you need drivers. The GPU for sure and likely other components on the SOCs Moto use utilize closed hardware that only Moto can provide drivers for. There is no "do all the work for us" as without those drivers, no work can be done unless you get lucky. If Moto goes through the half-measure and unlocks the bootloaders but doesn't provide drivers then you get a half-working solution and Moto's reputation gets tarnished. Providing the drivers wouldn't effect their business model as people would still buy new hardware to enjoy progress in that realm but the community would help furnish Moto with a good reputation as having phones that while not enjoying the guaranteed updates you get with a Nexus or an iProduct, at least provide a workable solution with minimal roadblocks.

make it convenient to abandon your business interests

Who are you to commentate on their "business interests"? If their business interests were being served so well up to this point they'd probably be making large amounts of actual money which is what a business exists for. Maybe the current model isn't working so well. Of course, I'm sure if they had the illustrious "spikenerd" at the helm MM HQ would look like something out of Scrooge McDuck's money bin, right? Right?

Re:Progress is always welcome (0)

Anonymous Coward | about a year ago | (#41036893)

I thought they sold you a phone? It was really a development platform, though? Funny, didn't mention anything about that in any of the literature I could find. Oh well, live and learn.

Re:Progress is always welcome (0)

Anonymous Coward | about a year ago | (#41036941)

Are you going for "ironically stupid"? You know there isn't a mod for that right? Eclipse with the Android SDK plugin is the development platform.

Re:Progress is always welcome (0)

Anonymous Coward | about a year ago | (#41038843)

I suspect a glass of kool-aid convinced him he didn't own the phone or have a right to make it do what he wanted.

  Psst, Phones, Consoles, Macs, uefi Windows, Blu-Ray player.

You paid for it. You own it.

Re:Progress is always welcome (0)

Anonymous Coward | about a year ago | (#41036681)

Me: you dorks!

Oh look. It's an arrogant jackass on Slashdot with strawman in tow. Imagine that!

Re:Progress is always welcome (1)

alexgieg (948359) | about a year ago | (#41036797)

...make it convenient to abandon your business interests by simply pushing a single button!

Why would our pressing a button cause us to abandon them?

Oh, right! When you say "your business interests" you don't mean us, the actual customers paying actual money for actual products! Got it!

All fun and games until it burns yours house down (1)

oic0 (1864384) | about a year and a half ago | (#41036335)

They of course have to cover all their legal bases. Some dolt could theoretically get their battery to catch fire and burn their house down.

Re:All fun and games until it burns yours house do (0)

Anonymous Coward | about a year ago | (#41037579)

You can do that without an unlocked bootloader. These events are not related. Such an event would require additional action. If I shoot someone, do you blame the employer of the grandfather of the guy who invented that gun?

Let me break it down for you. (3, Funny)

supercrisp (936036) | about a year and a half ago | (#41036519)

Rooted custom OS leads to installing from "Uknown Sources." Installing apps from unknown sources leads to installing pirated apps. Installing pirated apps leads to installing pirated media. Pirating media leads to terrorism. Terrorism leads to death. QED.

Re:Let me break it down for you. (0)

Anonymous Coward | about a year ago | (#41036845)

You can install from unknown sources without rooting or unlocking the bootloader....

Re:Let me break it down for you. (2)

supercrisp (936036) | about a year ago | (#41037327)

You can install from unknown sources without rooting or unlocking the bootloader....

"leads to" -- it's a gateway drug. once you start mucking around down in the OS, you're apt to all sorts of perversity. like learning terminal commands.

More straightforward alternative (0)

Anonymous Coward | about a year ago | (#41037097)

... or something mucks with the power controls and overheats the battery

Re:Let me break it down for you. (0)

Anonymous Coward | about a year ago | (#41037373)

With buggy code you can make the battery overheat and start a fire in your luggage, bringing down an airplane, for example.

Re:Let me break it down for you. (1)

Anonymous Coward | about a year ago | (#41037541)

Yeah, because that happens all the time with laptops which are "rooted" by default.

Re:Let me break it down for you. (1)

itsme1234 (199680) | about a year ago | (#41038677)

I haven't seen even one Android phone where you couldn't enable "Unknown Sources".
You don't have root, you have bootloader locked, etc but still you can enable "Unknown Sources"

whats the big deal? (0)

Anonymous Coward | about a year ago | (#41036877)

http://www.htcdev.com/bootloader/

ssdd.

Wake me up when its something, oh, I don't know, worthwhile to read.

It can cause death (0)

Anonymous Coward | about a year ago | (#41037003)

If they hadn't put that in the disclaimer, how long would it take someone to sue them because they used the Motorola unlocker on their Motorola phone to put some alternate ROM in place, and then had a heart attack and 9-1-1 couldn't locate them because of a software bug?

Re:It can cause death (1)

nighthawk243 (2557486) | about a year ago | (#41037109)

Yeah... this was probably one of the reasons. My Tilt 2 on CM7.2 was unstable enough that it would encounter kernel panic every so often (especially when the radio would lose signal, then try to regain it. A RIL panic was common).

There were a few times I ended up in the Ghetto because the thing would reboot while in the middle of Navigation; and it took at least 5 minutes on an extremely clear day to get a GPS lock.

It is nice having a phone I can root that is rather stable on CM10 (Gnex)

Re:It can cause death (1)

CityZen (464761) | about a year ago | (#41037611)

Please mod parent up. This is not a hypothetical issue: there have been issues with getting 911/emergency dialing to work on some phones with custom ROMs. Certain models of the first generation Samsung Galaxy had this problem.

Seems like a good idea (1)

The123king (2395060) | about a year ago | (#41037037)

Keep the ignorant ignorant and stop the stupid killing themselves. Sensible really. When Fast Food restaurants have to warn people that coffee might be a tad hot, I'm not suprised to see Google/Motorola do something like this to stop the ignorant from breaking their phones and suing them for it. Although in my opinion, a disclaimer similar to the MIT license would have been better than a warning akin to that on high voltage cabling. Ah well, that's the way the world is heading...

Re:Seems like a good idea (1)

oakgrove (845019) | about a year ago | (#41037641)

When Fast Food restaurants have to warn people that coffee might be a tad hot

You can blame our illustrious judicial system and multi-million dollar payouts by easily manipulated by sob stories juries for that.

Re:Seems like a good idea (0)

Anonymous Coward | about a year ago | (#41038449)

Yes, because third degree burns to the clitoris are a laughing matter.

This part of the disclaimer bothers me the most... (1)

interval1066 (668936) | about a year ago | (#41037147)

...violating applicable laws...

That I can violate some law by altering a product I bought always interests me. I suppose if I sharpen one end of my android phone and plunge it into some one's chest I'd be violating a law, much as if I had welded a cow catcher to the front of my car and mowed people down with it. If I add an after market clutch system to it however that seems perfectly fine. There's a whole market for that infact. Rooting MY phone? Some kind of law is broken? What is that??

Re:This part of the disclaimer bothers me the most (1)

CityZen (464761) | about a year ago | (#41037633)

What if a hacker added a hidden denial-of-service attack function to a ROM that was widely downloaded?
How can you be sure that no one has?

Re:This part of the disclaimer bothers me the most (0)

Anonymous Coward | about a year ago | (#41037849)

A standard cover-your-ass clause, probably. What if there's some local legislation forbidding unlocking bootloaders on Mondays or some sort of overblown DMCA-like protection?

It's nothing compared to iTunes EULA forbidding use in manufacturing nuclear, biological or chemical weapons.

Too little too late (1)

Anonymous Coward | about a year ago | (#41037323)

I'm writing this post from my new Virgin HTC Evo V. I spent the past two years locked in to a contract with verizon , stuck with a Motorola droid 2 global.

I have over 10 hours logged on the phone wih Motorolaand Verizon customer vervice, yelling, screaming, and crying because of the lockedbootloader. I told them if they could not unlock thebootloader or keep up with its kernel releases then they would earn a permanent spot on my shitlist and would lose me as a customer for life. I would encourage everyone I knew to join me in boycotting their products. They didn't do either so fuck both of them and they horse they road in on. I spent the better half of the past two years stuck with Froyo and my d2g is still 2.3.3. Verizon's data charges were obscene and the bucket plan looks like a bucket full of two years of rape.

I for one do not welcome our obstinate corporate overlords and prefer space / deep ocean Richard Branson any day of the week.

Re:Too little too late (0)

Anonymous Coward | about a year ago | (#41040765)

Partially your fault for not researching the phone first. Before I buy a phone, I always check to see what community support it has.

What is locking/unlocking technically? (0)

Anonymous Coward | about a year ago | (#41039931)

Can someone explain what exactly is done at a technical level to lock or unlock a bootloader?

Why is it that usually it's only the manufacturer can provide an unlock solution?
How do some hackers manage to unlock it regardless?

Thanks.

Re:What is locking/unlocking technically? (1)

nighthawk243 (2557486) | about a year ago | (#41040827)

An unlocked boot loader allows you to flash a new recovery (such as ClockWorkMod) that allows you to flash ZIPs containing new ROMs, Kernels, and other things.
Unlocking the boot loader varies between companies and even phones. My Tilt 2 needed Hard SPL (It was a winmo phone) flashed to replace the stock SPL, that way I could flash CWM on it before getting CM7. My current phone (A Galaxy Nexus) only requires a simple "fastboot oem unlock" command sent to it while in fastboot.
The guys that find a way to unlock it basically reverse engineer it and often find some sort of exploit that they can use to gain access. Many companies keep the phones hard to unlock primarily for 2 reasons: Warranty (since it is possible to brick/damage your phone if you're an idiot) and also as a form of DRM. If you have root access to your phone, it is exceptionally easy to pirate applications.

OS Updates (0)

Anonymous Coward | about a year ago | (#41040187)

Android has a real Achilles heel allowing the phone networks to control OS updates. Putting out unlocking tools so at least the geeks can upgrade is a small first step. The only real solution is wrestling the updates away from the networks, but they despise they can not mess up iOS with paid placements, and will fight tooth and nail to keep installing bloatware on Android phones.

Kexec (0)

Anonymous Coward | about a year ago | (#41040339)

Moto probably gave up and took the high road before Kexec based ROM's took over.

http://forum.xda-developers.com/showthread.php?t=1804665

Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...