Deciphering phone and embedded security – Part 2: What really happens during an unlock operation

Smart Phones as it stands today have some of the most sophisticated security measures deployed by the manufacturers to be able to restrict the users from manipulating the device. Specifically on Android, that being open platform , the Greek or development community have been often successful in defeating these measures, thus installing custom ROMs to be able to customize the phone or even unlock the phone before the expiry of the term with service provider. Part I of the series cover general Android architecture to make readers aware about the basic Android platform and the associated framework including the common terminology used like Rooting and Flashing. Part II links it all together and takes a deep dive as to what really happens at the hardware level during an unlock operation and tricks hackers use to fool or bypass bootloaders and install custom ROMs. Part III covers various flavors of bootloaders that are offered by the manufacturer to provide levels of protection/security and the way some of them get compromised. Leveraging existing security measures discussed in first three parts, Part IV takes it further and describes ideal security capabilities that could be included on next generation embedded devices. Techniques describes are to rather to increase cost of attack with a acceptable level of risk for a particular application. Just like there is no free security, there is no full security!!