Security

Critical Zero-Click RCE Vulnerability in SuperNote Nomad Tablets Exposes Users to Remote

tuffbrownboy


Google News

Overview of the Security Breach

A critical security flaw has been identified in the SuperNote A6 X2 Nomad, a popular 7.8-inch E-Ink tablet from Ratta Software. This vulnerability, cataloged under CVE-2025-32409, could enable hackers on the same network to seize full control of the device without any user interaction, potentially installing a rootkit for overarching access.

Discovery of the Flaw

The flaw was uncovered by security experts at Prizm Labs, who noted significant concerns for users depending on the device for professional and academic purposes. Initial tests involving an Nmap scan identified an open port which led to deeper investigation into the device’s security architecture.

Detailed Analysis of the Vulnerability

The SuperNote’s software, particularly the SuperNoteLauncher.apk, was dissected to trace the origins of the open port to a built-in custom HTTP server, intended for simplifying device-to-device file transfers via Wi-Fi. This discovery uncovered a chain of exploitable flaws:

  • The server allowed unauthenticated file uploads which could be manipulated for malicious intents.
  • A time-based file name conflict resolution mechanism was bypassed using a multi-threaded uploading strategy, hence substituting legitimate firmware with a malicious one.

The Exploit Strategy

The researchers drafted two synchronized file transfer events where the legitimate ‘update.zip’ file’s name is poached by a malicious payload right after the legitimate transfer concludes. This intricate timing manipulation, coupled with the misuse of outdated developer keys and an unlocked bootloader, allowed the malicious update to be recognized and installed by the system.

Completing the Malicious Attack

By repackaging the firmware to include an Android rootkit and a C-based reverse shell, the attacker could gain persistent, full access to the tablet. The malicious package was implanted through the device’s normal update process, silently installing the rootkit without the user’s interruption during plausible system reboot or USB connection events.

Security Implications and Mitigation

This grim scenario exposes the risks associated with networked IoT devices — especially those with inadequate firmware security measures. Users are advised to:

  • Turn off Wi-Fi when not in use.
  • Avoid connection to insecure or public networks.
  • Stay updated with the manufacturer’s patches and updates.

While Ratta Software has yet to release an official response, the vulnerability’s assigned CVE suggests that updates and fixes are in the pipeline. Security professionals and device users must stay vigilant and proactive in safeguarding their devices from such remote threats.

Follow our continuous coverage on IoT security developments on Google News, LinkedIn, and X for instant updates on security news and alerts.

Related: Critical UPI Outage Disrupts Millions of Transactions Across India

Last Updated: April 12, 2025

Post Views: 12

Related Posts