Flock Safety Bravo Edge AI Compute Device Lack of Secure Boot Vulnerability
Vulnerability
A vulnerability exists in the Flock Safety Bravo Edge AI Compute Device running firmware version BRAVO_00.00_local_20241017 because Secure Boot is disabled. With no cryptographic protections on the firmware, attackers can flash modified firmware, potentially leading to unauthorized modifications or malicious payloads being installed on the device.
Impact
Exploitation of this vulnerability could result in unauthorized firmware being flashed onto the device, with no cryptographic verification to ensure its integrity or authenticity. This could allow for malicious modifications to the device's software or functionality.
Reproduction
The vulnerability can be reproduced by flashing a modified firmware image onto the device using the Thundercomm TurboX 6490 Firehose loader in EDL/QDL mode. This can be done by physically accessing the device and using a Qualcomm EDL/Flash cable or by manually putting the device into EDL mode.
