Product

Security Update: APEX Modules Vulnerability FIXED

In November 2023, Meta Red Team X detected a security vulnerability in a number of smartphones, including the Fairphone 5. Fairphone took immediate action and released a security fix in mid-December that resolved the issue, so every Fairphone model is now secured against this vulnerability.

The vulnerability detected by Meta Red Team X affects APEX modules and the way they are signed. APEX modules allow original equipment manufacturers (“OEMs”) to update specific portions of the system without issuing a full over-the-air (OTA) update, delivering only the subsystems that need to be updated. These modules need to be signed with the OEM’s private key during the build process, but our build process had a shortcoming: we were using a test key (present in the Android source code build tree) instead of Fairphone’s private key.

This means that, in practice, it would have been possible for an attacker to substitute the incorrectly signed modules with other files signed with the same test key, potentially containing malicious code. Having said that, this is not easy to exploit. The substitution would require either physical access to the device with the debugging options activated, or remote access obtained through a chain of other critical vulnerabilities. Even so, it was a high-severity vulnerability.
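A build or firmware audit can catch the signing shortcoming described above before release. The following is an added example, not Fairphone's or Red Team X's code: it assumes each APEX container is a zip archive carrying its payload public key as `apex_pubkey`, and that the auditor supplies the reference test public keys taken from their own build tree. The module names and key bytes are constructed.

```python
import hashlib
import io
import zipfile

PUBKEY_ENTRY = "apex_pubkey"  # assumption: payload public key file inside the APEX zip

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def audit_apex(name, apex_bytes, test_key_digests):
    """Classify one APEX container by the digest of its embedded public key."""
    try:
        with zipfile.ZipFile(io.BytesIO(apex_bytes)) as zf:
            pubkey = zf.read(PUBKEY_ENTRY)
    except zipfile.BadZipFile:
        return (name, "not-a-zip", None)
    except KeyError:  # entry missing: cannot be cleared, flag for manual review
        return (name, "no-pubkey", None)
    digest = sha256_hex(pubkey)
    verdict = "TEST-KEY" if digest in test_key_digests else "ok"
    return (name, verdict, digest)

def audit_all(modules, test_keys):
    """modules: {filename: bytes}; test_keys: reference test public keys (bytes)."""
    digests = {sha256_hex(k) for k in test_keys}
    return [audit_apex(n, b, digests) for n, b in sorted(modules.items())]

def make_apex(pubkey):
    """Build a minimal constructed APEX-like zip for the demo (not a real module)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("apex_payload.img", b"constructed payload")
        if pubkey is not None:
            zf.writestr(PUBKEY_ENTRY, pubkey)
    return buf.getvalue()

# Constructed sample data: placeholder key bytes and hypothetical module names.
TEST_KEY = b"constructed-test-public-key"
OEM_KEY = b"constructed-oem-public-key"
SAMPLE = {
    "com.example.a.apex": make_apex(TEST_KEY),
    "com.example.b.apex": make_apex(OEM_KEY),
    "com.example.c.apex": make_apex(None),
    "com.example.d.apex": b"not a zip",
}

if __name__ == "__main__":
    for name, verdict, digest in audit_all(SAMPLE, [TEST_KEY]):
        print(f"{verdict:10} {name} {digest or '-'}")
```

An `ok` verdict only means the embedded key matches none of the supplied test keys; the container's own signing certificate is a separate key and needs its own check.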

Triggered by the report on Fairphone 5, we also opened an internal investigation on Fairphone 4 and Fairphone 3/3+, where we found similarly affected APEX modules. The vulnerability was resolved in December 2023 for all Fairphone devices with the following software versions, respectively:

  • Fairphone 5: TT3Y.A.127 (released on the 11th of December 2023)
  • Fairphone 4: TP20.C.087 (released on the 25th of December 2023)
  • Fairphone 3/3+: 6.A.023.1 (released on the 25th of December 2023)

If you have not updated your phone recently, we invite you to install the most recent software version available to you. You can always check manually for system updates in the Settings menu under the System sub-menu. More information on the vulnerability can be found in the original report or the security advisory published by Red Team X.
