{"guid":"c1acc5c2-58b2-4ed5-a504-351b8b93c171","title":"BootStomp: On the Security of Bootloaders in Mobile Devices","subtitle":null,"slug":"34c3-9205-bootstomp_on_the_security_of_bootloaders_in_mobile_devices","link":"https://fahrplan.events.ccc.de/congress/2017/Fahrplan/events/9205.html","description":"In our paper we present a novel tool called BootStomp able to identify security vulnerabilities in Android bootloaders (such as memory corruptions) as well as unlocking vulnerabilities. During its evaluation, BootStomp discovered 6 previously unknown vulnerabilities across 4 different bootloaders. Finally BootStomp has been open-sourced to help the security community.","original_language":"eng","persons":["Audrey Dutcher"],"tags":["34c3","9205","Security"],"view_count":1222,"promoted":false,"date":"2017-12-27T00:00:00.000+01:00","release_date":"2017-12-28T01:00:00.000+01:00","updated_at":"2025-12-05T19:30:04.319+01:00","length":1702,"duration":1702,"thumb_url":"https://static.media.ccc.de/media/congress/2017/9205-hd.jpg","poster_url":"https://static.media.ccc.de/media/congress/2017/9205-hd_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2017/c1acc5c2-58b2-4ed5-a504-351b8b93c171-timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2017/c1acc5c2-58b2-4ed5-a504-351b8b93c171-thumbnails.vtt","frontend_link":"https://media.ccc.de/v/34c3-9205-bootstomp_on_the_security_of_bootloaders_in_mobile_devices","url":"https://api.media.ccc.de/public/events/c1acc5c2-58b2-4ed5-a504-351b8b93c171","conference_title":"34C3: TUWAT","conference_url":"https://api.media.ccc.de/public/conferences/34c3","related":[{"event_id":4763,"event_guid":"2ef3b60f-6e5c-4c23-a145-d263685ec13e","weight":48},{"event_id":4766,"event_guid":"19b7e5d7-bba7-46da-afbc-f16d43fe395f","weight":51},{"event_id":4784,"event_guid":"65a25dfd-56dd-4e87-a910-334e2dc25a9c","weight":52},{"event_id":4790,"event_guid":"edd02e52-28f8-4f3e-8b17-75cffecb6d7f","weight":49},{"event_id":4794,"event_guid":"a2887b4a-0c9d-4220-a52f-c65c20ae25d7","weight":98},{"event_id":4796,"event_guid":"ff24373e-ebe2-4077-9db0-eae5ab003538","weight":35},{"event_id":4797,"event_guid":"c7b3314c-165c-446d-963c-609922ea990f","weight":48},{"event_id":4803,"event_guid":"23d59026-ab98-4f6c-a46d-0bb3e1788a67","weight":48},{"event_id":4808,"event_guid":"acab4111-aba7-44f7-b56e-ef805dcacd00","weight":46},{"event_id":4811,"event_guid":"16c756dd-cb07-4c0e-9885-98243026f7cf","weight":45},{"event_id":4812,"event_guid":"7edaed35-e938-4a13-b21c-aac4bb0ebf94","weight":50},{"event_id":4813,"event_guid":"d5d27820-0e97-4c19-bf57-b470cbbd97ef","weight":76},{"event_id":4818,"event_guid":"c02f6777-5e55-46ca-8d60-1810a8d5f3c7","weight":12},{"event_id":4819,"event_guid":"55f921ed-ab90-4553-9903-8658557ac447","weight":48},{"event_id":4826,"event_guid":"16645200-2036-4a3c-a44d-a5ff44ac2991","weight":79},{"event_id":4833,"event_guid":"e1a60f7b-6a56-4dce-ab3a-c686fa940aa8","weight":42},{"event_id":4856,"event_guid":"c5bfac96-8290-438a-a47a-ebdbf0ab5365","weight":65},{"event_id":4866,"event_guid":"117a52b4-f675-49dd-aafe-659c07b6bc9c","weight":50}],"recordings":[{"size":null,"length":null,"mime_type":"application/x-subrip","language":"eng","filename":"34c3-9205-eng-deu-BootStomp_On_the_Security_of_Bootloaders_in_Mobile_Devices.en.srt","state":"complete","folder":"","high_quality":true,"width":null,"height":null,"updated_at":"2021-02-21T17:46:39.533+01:00","recording_url":"https://cdn.media.ccc.de/congress/2017/34c3-9205-eng-deu-BootStomp_On_the_Security_of_Bootloaders_in_Mobile_Devices.en.srt","url":"https://api.media.ccc.de/public/recordings/44449","event_url":"https://api.media.ccc.de/public/events/c1acc5c2-58b2-4ed5-a504-351b8b93c171","conference_url":"https://api.media.ccc.de/public/conferences/34c3"},{"size":177,"length":1702,"mime_type":"video/mp4","language":"eng","filename":"34c3-9205-eng-BootStomp_On_the_Security_of_Bootloaders_in_Mobile_Devices.mp4","state":"new","folder":"h264-hd","high_quality":true,"width":1920,"height":1080,"updated_at":"2017-12-28T16:02:54.751+01:00","recording_url":"https://cdn.media.ccc.de/congress/2017/h264-hd/34c3-9205-eng-BootStomp_On_the_Security_of_Bootloaders_in_Mobile_Devices.mp4","url":"https://api.media.ccc.de/public/recordings/20971","event_url":"https://api.media.ccc.de/public/events/c1acc5c2-58b2-4ed5-a504-351b8b93c171","conference_url":"https://api.media.ccc.de/public/conferences/34c3"},{"size":177,"length":1702,"mime_type":"video/mp4","language":"deu","filename":"34c3-9205-deu-BootStomp_On_the_Security_of_Bootloaders_in_Mobile_Devices.mp4","state":"new","folder":"h264-hd","high_quality":true,"width":1920,"height":1080,"updated_at":"2017-12-28T16:03:01.951+01:00","recording_url":"https://cdn.media.ccc.de/congress/2017/h264-hd/34c3-9205-deu-BootStomp_On_the_Security_of_Bootloaders_in_Mobile_Devices.mp4","url":"https://api.media.ccc.de/public/recordings/20972","event_url":"https://api.media.ccc.de/public/events/c1acc5c2-58b2-4ed5-a504-351b8b93c171","conference_url":"https://api.media.ccc.de/public/conferences/34c3"},{"size":257,"length":1702,"mime_type":"video/mp4","language":"eng-deu","filename":"34c3-9205-eng-deu-BootStomp_On_the_Security_of_Bootloaders_in_Mobile_Devices_hd.mp4","state":"new","folder":"h264-hd","high_quality":true,"width":1920,"height":1080,"updated_at":"2017-12-28T16:03:11.990+01:00","recording_url":"https://cdn.media.ccc.de/congress/2017/h264-hd/34c3-9205-eng-deu-BootStomp_On_the_Security_of_Bootloaders_in_Mobile_Devices_hd.mp4","url":"https://api.media.ccc.de/public/recordings/20973","event_url":"https://api.media.ccc.de/public/events/c1acc5c2-58b2-4ed5-a504-351b8b93c171","conference_url":"https://api.media.ccc.de/public/conferences/34c3"},{"size":96,"length":1702,"mime_type":"video/mp4","language":"eng-deu","filename":"34c3-9205-eng-deu-BootStomp_On_the_Security_of_Bootloaders_in_Mobile_Devices_sd.mp4","state":"new","folder":"h264-sd","high_quality":false,"width":720,"height":576,"updated_at":"2017-12-28T16:32:06.881+01:00","recording_url":"https://cdn.media.ccc.de/congress/2017/h264-sd/34c3-9205-eng-deu-BootStomp_On_the_Security_of_Bootloaders_in_Mobile_Devices_sd.mp4","url":"https://api.media.ccc.de/public/recordings/21003","event_url":"https://api.media.ccc.de/public/events/c1acc5c2-58b2-4ed5-a504-351b8b93c171","conference_url":"https://api.media.ccc.de/public/conferences/34c3"},{"size":108,"length":1702,"mime_type":"video/mp4","language":"eng-deu","filename":"34c3-9205-eng-deu-BootStomp_On_the_Security_of_Bootloaders_in_Mobile_Devices_hd-slides.mp4","state":"new","folder":"slides-h264-hd","high_quality":true,"width":1920,"height":1080,"updated_at":"2017-12-28T17:06:28.787+01:00","recording_url":"https://cdn.media.ccc.de/congress/2017/slides-h264-hd/34c3-9205-eng-deu-BootStomp_On_the_Security_of_Bootloaders_in_Mobile_Devices_hd-slides.mp4","url":"https://api.media.ccc.de/public/recordings/21046","event_url":"https://api.media.ccc.de/public/events/c1acc5c2-58b2-4ed5-a504-351b8b93c171","conference_url":"https://api.media.ccc.de/public/conferences/34c3"},{"size":196,"length":1702,"mime_type":"video/webm","language":"eng-deu","filename":"34c3-9205-eng-deu-BootStomp_On_the_Security_of_Bootloaders_in_Mobile_Devices_webm-sd.webm","state":"new","folder":"webm-sd","high_quality":false,"width":720,"height":576,"updated_at":"2017-12-28T17:25:42.419+01:00","recording_url":"https://cdn.media.ccc.de/congress/2017/webm-sd/34c3-9205-eng-deu-BootStomp_On_the_Security_of_Bootloaders_in_Mobile_Devices_webm-sd.webm","url":"https://api.media.ccc.de/public/recordings/21079","event_url":"https://api.media.ccc.de/public/events/c1acc5c2-58b2-4ed5-a504-351b8b93c171","conference_url":"https://api.media.ccc.de/public/conferences/34c3"},{"size":18,"length":1687,"mime_type":"audio/opus","language":"eng","filename":"34c3-9205-eng-BootStomp_On_the_Security_of_Bootloaders_in_Mobile_Devices.opus","state":"new","folder":"opus","high_quality":false,"width":0,"height":0,"updated_at":"2017-12-28T20:24:05.763+01:00","recording_url":"https://cdn.media.ccc.de/congress/2017/opus/34c3-9205-eng-BootStomp_On_the_Security_of_Bootloaders_in_Mobile_Devices.opus","url":"https://api.media.ccc.de/public/recordings/21148","event_url":"https://api.media.ccc.de/public/events/c1acc5c2-58b2-4ed5-a504-351b8b93c171","conference_url":"https://api.media.ccc.de/public/conferences/34c3"},{"size":25,"length":1687,"mime_type":"audio/mpeg","language":"eng","filename":"34c3-9205-eng-BootStomp_On_the_Security_of_Bootloaders_in_Mobile_Devices.mp3","state":"new","folder":"mp3","high_quality":false,"width":0,"height":0,"updated_at":"2017-12-28T20:25:07.906+01:00","recording_url":"https://cdn.media.ccc.de/congress/2017/mp3/34c3-9205-eng-BootStomp_On_the_Security_of_Bootloaders_in_Mobile_Devices.mp3","url":"https://api.media.ccc.de/public/recordings/21150","event_url":"https://api.media.ccc.de/public/events/c1acc5c2-58b2-4ed5-a504-351b8b93c171","conference_url":"https://api.media.ccc.de/public/conferences/34c3"},{"size":353,"length":1702,"mime_type":"video/webm","language":"eng-deu","filename":"34c3-9205-eng-deu-BootStomp_On_the_Security_of_Bootloaders_in_Mobile_Devices_webm-hd.webm","state":"new","folder":"webm-hd","high_quality":true,"width":1920,"height":1080,"updated_at":"2017-12-28T21:15:20.206+01:00","recording_url":"https://cdn.media.ccc.de/congress/2017/webm-hd/34c3-9205-eng-deu-BootStomp_On_the_Security_of_Bootloaders_in_Mobile_Devices_webm-hd.webm","url":"https://api.media.ccc.de/public/recordings/21227","event_url":"https://api.media.ccc.de/public/events/c1acc5c2-58b2-4ed5-a504-351b8b93c171","conference_url":"https://api.media.ccc.de/public/conferences/34c3"},{"size":36,"length":1702,"mime_type":"video/mp4","language":"eng","filename":"34c3-9205-eng-BootStomp_On_the_Security_of_Bootloaders_in_Mobile_Devices_sd-slides.mp4","state":"new","folder":"slides-h264-sd","high_quality":false,"width":720,"height":576,"updated_at":"2018-01-02T15:31:20.429+01:00","recording_url":"https://cdn.media.ccc.de/congress/2017/slides-h264-sd/34c3-9205-eng-BootStomp_On_the_Security_of_Bootloaders_in_Mobile_Devices_sd-slides.mp4","url":"https://api.media.ccc.de/public/recordings/22279","event_url":"https://api.media.ccc.de/public/events/c1acc5c2-58b2-4ed5-a504-351b8b93c171","conference_url":"https://api.media.ccc.de/public/conferences/34c3"}]}