The universal bootloader Das U-Boot is found in the Amazon Kindle, ARM Chromebooks, and a range of networking hardware. Researchers at ForAllSecure recently discovered that U-Boot's file system drivers contain multiple vulnerabilities: a recursive stack overflow in the DOS partition parser, two buffer overflows in the ext4 driver, and a double-free memory corruption flaw, also in ext4. Flaws like these could lead to Denial-of-Service (DoS), device takeover, and code execution, and both local and remote exploitation paths exist. If the targeted device boots from external media, an attacker with physical access could alter its boot process and control how the operating system is loaded, resulting in a near-total device takeover. Devices configured to network boot are instead exposed to a compromise of that network, which would allow an attacker on the local network to attack the U-Boot device remotely.
Analyst Notes
This is a good reminder not to leave devices unattended in coffee shops or libraries, since an attacker can gain control of a device by inserting an SD card or USB drive. If a device is configured to network boot, attackers could plant malware on the target endpoint as a method of initial compromise.
Source: https://threatpost.com/amazon-kindle-embedded-devices-code-execution/150003/