Google Patches Up Severe Exploit in the Nexus 6 and Nexus 6P

On Nexus 6 devices, attackers can eavesdrop on communications including phone calls and SMS, while modem restrictions on the still-current 6P model limit attackers to stealing text messages.

The vulnerability was part of a cluster of security holes found by security researchers at IBM's X-Force, all related to a flaw in the phones' boot mode, tagged CVE-2016-8467, which uses malware-infected PCs and malicious power chargers to access hidden USB interfaces.

"Furthermore, this level of access to the Nexus 6 modem allows attackers to find the exact Global Positioning System coordinates with detailed satellite information, place phone calls, steal call information and access or change nonvolatile items or the EFS partition", say Roee Hay and Michael Goberman of IBM's X-Force application security research team.

Details have emerged on one of the high-risk vulnerabilities that Google patched in last week's Android Nougat update, a bug that could allow an attacker to force a phone into a special boot mode that then gives him access to extra functionality and the ability to intercept calls and take other actions.

It was complex to activate, requiring the victim to have Android Debug Bridge (ADB) enabled on their device (a debugging mode used by developers to load APKs onto Android phones) and to have manually authorized ADB connectivity with the infected PC or charger.

In particular, on the Nexus 6 the modem diagnostics interface is of concern, as accessing it gives attackers access to the modem, which compromises "confidentiality and integrity", the team says. They could also access or change items in the EFS partition, which contains information like the IMEI number, serial number or the phone's product code. Once connected, the user is forced to accept the PC or charger permanently, a few commands are issued, and the device is rebooted.

"Every future boot from this point forward will have the boot mode configuration enabled", IBM says.

"Therefore, the attacker only needs the victim to enable ADB once", the researchers added.

Attackers with a victim's device in hand can boot Nexus devices into fastboot and choose BP-Tools or Factory. PC malware on an ADB-authorized machine might also exploit CVE-2016-8467 to enable ADB and install Android malware.

"Such an ADB connection would enable an attacker to install malware on the device".

As Ars Technica UK explains, older Nexus 6 phones were more vulnerable than the 6P, "but (the newer phone's firmware) could still be used to break into the modem's AT interface".

Google has capped a risky but somewhat obscure boot mode vulnerability that allowed infected PCs and chargers to put top-end Nexus phones into denial-of-service states. Google flagged this as "moderate severity", and patched it in October.
