EvilZone
Hacking and Security: Axon, February 17, 2014, 06:56:20 PM
-
So it turns out that CyanogenMod's built-in updater gets its update information by contacting http://download.cyanogemod.org/api
Note the http:// part there. It also turns out there's no signature verification of the flashable .zip file that the custom recovery uses to update. What this means is that anyone who can MITM your connection (which means anyone from the NSA, to anyone who can manipulate the BGP routing table, all the way down to anyone who can own your router or has access to your local LAN/WLAN) can change where the CyanogenMod update looks for the image file that CM will flash.
https://kyhwana.org/blog/2014/02/17/cyanogenmods-updater-vulnerable-to-mitm-attack/
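What the missing checks look like when they are present, as an added example (not CyanogenMod's code, and the manifest format, URLs and key seed are constructed for illustration): the updater only accepts an update whose manifest is signed by a pinned vendor key, whose download URL is https://, and whose .zip hashes to the digest the signed manifest names, so a redirected manifest or a swapped image is rejected before anything is flashed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"net/url"
)

// Manifest is a hypothetical update descriptor, not the real CM API format.
type Manifest struct {
	URL    string // where the flashable .zip is fetched from
	SHA256 string // hex digest of the .zip this manifest vouches for
}

func (m Manifest) bytes() []byte { return []byte(m.URL + "\n" + m.SHA256) }

// Digest returns the hex SHA-256 of a downloaded .zip image.
func Digest(zip []byte) string { s := sha256.Sum256(zip); return hex.EncodeToString(s[:]) }

// SignManifest is the vendor-side step; the private key never leaves the vendor.
func SignManifest(priv ed25519.PrivateKey, m Manifest) []byte { return ed25519.Sign(priv, m.bytes()) }

// VerifyUpdate is what a hardened updater does before flashing.
func VerifyUpdate(pub ed25519.PublicKey, m Manifest, sig, zip []byte) error {
	if !ed25519.Verify(pub, m.bytes(), sig) {
		return errors.New("manifest signature invalid: metadata altered in transit")
	}
	if u, err := url.Parse(m.URL); err != nil || u.Scheme != "https" {
		return errors.New("update URL must be https")
	}
	if Digest(zip) != m.SHA256 {
		return errors.New("zip digest mismatch: image does not match signed manifest")
	}
	return nil
}

// NewDemoKey derives a fixed demo key pair from a constructed seed (never do this in production).
func NewDemoKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	priv := ed25519.NewKeyFromSeed([]byte("constructed-demo-seed-32-bytes!!"))
	return priv.Public().(ed25519.PublicKey), priv
}

func main() {
	pub, priv := NewDemoKey()
	zip := []byte("constructed update image")
	m := Manifest{URL: "https://updates.example/cm.zip", SHA256: Digest(zip)}
	sig := SignManifest(priv, m)
	fmt.Println("genuine:", VerifyUpdate(pub, m, sig, zip))
	m.URL = "http://mitm.example/other.zip" // a MITM rewrites the URL; signature no longer matches
	fmt.Println("redirected:", VerifyUpdate(pub, m, sig, zip))
}
```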
-
Interesting post; it makes me glad that I don't use CM on my phone. I wonder how OPPA (I think that's the manufacturer) feels after putting a phone out with CM baked into it.