Google Nexus 9 SensorHub Firmware Downgrade Vulnerability

ID: 92797
CVE: None
Download vulnerable application: None

Google Nexus 9
 Vulnerable Version:
Nexus 9 Android Builds before N4F27B - May 2017, i.e. before bootloader
Install N4F27B or later (bootloader version
 Technical Details:
The Nexus 9 device contains a SoC manufactured by Cywee which implements a "Sensor Hub". The SoC is an STM32F401B/C ARM Cortext-M4 MCU, managed by a driver available under drivers/i2c/chips/CwMcuSensor.c. The platform communicates with SensorHub via I2C bus #0 and 4 GPIO ports.
 Upon the platform boot, the CwMcuSensor driver queries the firmware's version (I2C register 0x10). If it does not match the one found in the vendor's partition (/vendor/firmware/sensor_hub.img), it switches to the bootloader mode, and upgrades the firmware (again, via I2C). Please note that the firmware is not signed.
 By issuing a proprietary fastboot oem command: 'sensorhubflash', a physical attacker / malicious charger / malicious headphones (via the UART interface, exposed by the headphones jack - see our blog post [2]) can downgrade the SensorHub firmware to an old version, saved under the 'SER' partition (/dev/block/mmcblk0p19). This version may contain vulnerabilities which may allow the attacker to compromise the MCU.
One may claim that it is not an issue because the platform would immediately upgrade the firmware upon boot (since its version is different from the one found in the vendor image), however, in Nexus 9, the I2C buses could be accessed via the fastboot interface, by using the fastboot oem {i2cr, i2cw, i2crNoAddr, i2cwNoAddr, i2cdetect} commands. (I2C could also be accessed via UART, in the HBOOT mode. [2]) Thus, the attacker could interact with the old firmware BEFORE it was replaced by the platform using I2C, and thus potentially exploit a security vulnerability which would allow him to return a bogus version identifier, bypassing the platform's check. Please note that the SoC's I2C code runs in privileged mode.
 For more details and PoC, visit the Aleph Research Vulnerability Report [1].
Google patched the vulnerability on build N4F27B / bootloader by removing the 'sensorhubflash' bootloader command. In addition, Google restricted access to the I2C buses - The I2C related bootloader commands are no longer available.
Please note that although Google published the advisory on the April 2017 Security Bulletin [3], the patch has been included only since the April 5 2017 Security Patch Level, where the April Nexus 9 image (N4F26X) has the April 1 2017 Security Patch Level, hence it does not contain the patched bootloader.
1-4-2 (www02)