Comment by g947o
13 days ago
That makes sense, but how would an attacker flash an older version of the firmware in the first place? Don't you need developer options and unlocking + debugging enabled?
Qualcomm phones come with a special mode (https://en.wikipedia.org/wiki/Qualcomm_EDL_mode) that allows devices to get unbricked even after you break the normal user-updatable "bootloader" on flash completely.
This feature doesn't allow unlocking the bootloader (as in, execute a custom ROM), it's designed to install factory-signed code. However, using it to "restore" an old, vulnerable factory code would obviously cause issues.
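An added illustration of the point above, not code from this thread, from Qualcomm or from any real loader: a loader that only checks "is this image factory-signed?" accepts an old, signed, vulnerable build just as happily as the current one, while a loader with anti-rollback also compares the image's version against a monotonic minimum. The image layout, the HMAC-SHA256 stand-in for the vendor signature, the key, and the function names are all assumptions made for the example; real devices use asymmetric signatures rooted in fused keys and keep the rollback counter in fuses or RPMB.

```python
"""
Constructed example: why accepting 'only factory-signed code' does not stop a
downgrade. HMAC-SHA256 stands in for the vendor's signature (assumption); the
image format below is invented for the demo.
"""
import hashlib
import hmac
import struct

# Stand-in for the vendor signing key (demo value, not a real key).
FACTORY_KEY = b"factory-signing-key-for-demo-only"

MAGIC = b"FWIM"
HEADER = struct.Struct(">4sI")  # magic, security version number (SVN)
TAG_LEN = 32


def sign_image(version: int, payload: bytes, key: bytes = FACTORY_KEY) -> bytes:
    """Build a 'factory-signed' image: header || payload || tag(header || payload).
    The version field sits under the signature, so it cannot be bumped freely."""
    body = HEADER.pack(MAGIC, version) + payload
    tag = hmac.new(key, body, hashlib.sha256).digest()
    return body + tag


def parse_image(image: bytes):
    """Split an image into (version, signed body, tag); reject malformed input."""
    if len(image) < HEADER.size + TAG_LEN:
        raise ValueError("image too short")
    body, tag = image[:-TAG_LEN], image[-TAG_LEN:]
    magic, version = HEADER.unpack_from(body)
    if magic != MAGIC:
        raise ValueError("bad magic")
    return version, body, tag


def signature_valid(image: bytes, key: bytes = FACTORY_KEY) -> bool:
    """Constant-time check that the tag matches the signed body."""
    try:
        _, body, tag = parse_image(image)
    except ValueError:
        return False
    expected = hmac.new(key, body, hashlib.sha256).digest()
    return hmac.compare_digest(tag, expected)


def accept_signed_only(image: bytes) -> bool:
    """Naive loader: anything the factory ever signed is accepted, old builds included."""
    return signature_valid(image)


def accept_with_rollback_protection(image: bytes, min_version: int) -> bool:
    """Loader with anti-rollback: the signature must verify AND the image's
    version must not be below the device's stored minimum (a monotonic counter
    in a real device)."""
    if not signature_valid(image):
        return False
    version, _, _ = parse_image(image)
    return version >= min_version


def tamper_payload(image: bytes) -> bytes:
    """Flip one payload byte: simulates modifying code after signing."""
    buf = bytearray(image)
    buf[HEADER.size] ^= 0xFF
    return bytes(buf)


def bump_version(image: bytes, new_version: int) -> bytes:
    """Rewrite only the version field: simulates an attacker trying to make an
    old build look current without re-signing it."""
    buf = bytearray(image)
    struct.pack_into(">I", buf, 4, new_version)
    return bytes(buf)


def demo() -> dict:
    """Exercise both loaders against an old (vulnerable) and a current build."""
    old_build = sign_image(1, b"old build with a known bug")     # constructed
    new_build = sign_image(2, b"current build, bug fixed")       # constructed
    device_min_version = 2  # what the device's rollback counter would hold
    return {
        "old_signed_only": accept_signed_only(old_build),                          # True: downgrade accepted
        "old_rollback": accept_with_rollback_protection(old_build, device_min_version),  # False: blocked
        "new_signed_only": accept_signed_only(new_build),                          # True
        "new_rollback": accept_with_rollback_protection(new_build, device_min_version),  # True
        "tampered": accept_signed_only(tamper_payload(new_build)),                 # False
        "old_version_bumped": accept_with_rollback_protection(
            bump_version(old_build, device_min_version), device_min_version),      # False: tag no longer matches
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The two checks that matter for the thread are `old_signed_only` versus `old_rollback`: both images carry genuine factory signatures, so signature verification alone cannot tell "restore" from "downgrade"; only the version comparison does. The `old_version_bumped` case shows why the version has to be covered by the signature, otherwise anti-rollback is one byte patch away from useless.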
Open the case and pogo-pin a flash programmer directly onto the pins of the flash chip.
Sophisticated actors (think state-level actors like a border agent who insists on taking your phone to a back room for "inspection" while you wait at customs) can and will develop specialized tooling to help them do this very quickly.