Amnesty International (I’m not agreeing with all their political takes by referencing them) has apparently uncovered a zero day exploit chain used by Cellabrite that should work across pretty much all android devices:
I always thought it would be interesting to use such a vulnerability to root a previously unrootable phone. What currently unrootable phones would be on your list to root?
Kyocera and sonim
Kyocera dura xv e4610
Can you explain this a little exactly what it is?
It is a bug in the Android code that controls USB connections that contains a security vulnerability. This security vulnerability (once we know what it is), will let any device that connects to an android phone via USB to inject commands into the phone that can run as root, even if the phone hasn’t been rooted yet.
How do we figure this out?
The Sonim Xp3900 that I bought recently seems to be defective and I’m probably returning it.
I was considering buying a different phone this time even though overall I consider what I have now to be one of the best flip phones on the market, because it didn’t seem to be practical to get root on it.
In short it makes a big difference whether I’d be able to use this exploit or not.
Anyone have more info about it?
No, they won’t release info until there is a patch available.
Actually, there is a patch available already:
CVE-2024-53104
I just have no idea of how to go about exploiting it.
Is it known what the vulnerability is?