Google Patches Up Severe Exploit in the Nexus 6 and Nexus 6P

Google plugs severe Android bootmode vuln that exposed devices to spying

On 6 devices, attackers can eavesdrop on communications including phone calls and SMS, while modem restrictions on the still current 6p model restrict attackers to stealing text messages.

The vulnerability was part of a cluster of security holes found by security researchers at IBM's X-Force all related to a flaw-tagged CVE-2016-8467-in the phones' boot mode, which uses malware-infected PCs and malicious power chargers to access hidden USB interfaces.

"Furthermore, this level of access to the Nexus 6 modem allows attackers to find the exact Global Positioning System coordinates with detailed satellite information, place phone calls, steal call information and access or change nonvolatile items or the EFS partition", says Roee Hay and Michael Goberman of IBM's X-Force application security research team.

Details have emerged on one of the high-risk vulnerabilities that Google patched in last week's Android Nougat update, a bug that could allow an attacker to force a phone into a special boot mode that then gives him access to extra functionality and the ability to intercept calls and take other actions.

It was complex to activate, requiring the victim to have Android Debug Bridge (ADB) enabled on their devices a debugging mode used by developers to load APKs onto Android phones and to have manually authorized ADB connectivity with the infected PC or charger.

In particular, the Nexus 6 the modem diagnostics interface is of concern as accessing this platform gives attackers access to the modem, which compromises "confidentiality and integrity", the team says. They could also access or change items in the EFS partition, which contains information like the IMEI number, serial number or the phone's product code. Once connected, the user is forced to accept the PC or charger permanently, a few commands are issued, and the device is rebooted.

"Every future boot from this point forward will have the boot mode configuration enabled", IBM says.

"Therefore, the attacker only needs the victim to enable ADB once", the researchers added.

Attackers with a victim device in their hand can boot Nexus devices into fast boot and choose BP-Tools or Factory. PC malware on an ADB-authorized machine might also exploit CVE-2016-8467 to enable ADB and install Android malware.

"Such an ADB connection would enable an attacker to install malware on the device".

As Ars Technica UK explains, older Nexus 6 phones were more vulnerable than the 6P, "but (the newer phone's firmware) could still be used to break into the modem's AT interface".

Google has capped a risky but somewhat obscure boot mode vulnerability that allowed infected PCs and chargers to put top end Nexus phones into denial of service states. Google flagged this as "moderate severity", and patched it in October.

Related:

Comments

Latest news

Woman arrested after framing husband's ex-girlfriend in Craigslist 'rape fantasy' scam
The defense attorney believes the man the two women have in common was somehow involved, characterizing him as "manipulative". But authorities now believe that Diaz was actually behind the Craigslist ads and emails in an effort to set up Hadley.

Avon Products, Inc.'s (AVP) jumped 7.00% in past week
Acosta Fernando offloaded 85,198 shares in the company at a per-share price of $5.06 and ended up generating $431,100 in proceeds. Following the acquisition, the director now directly owns 18,215 shares in the company, valued at approximately $100,182.50.

Verizon's Biggest Unlimited Data Users Will Need To Migrate
So if you're using hundreds of gigs of data per month on a Verizon unlimited plan, you may want to begin looking at other plans. It's more than possible that customers that don't make this move could be cut off from Verizon's network completely.

£47.6m offer for Roma's Kostas Manolas launched
Meanwhile in other Man United transfer news, Memphis Depay and Morgan Schneiderlin have both been placed on the transfer list . Manchester United will launch a huge offer for Kostas Manolas.

Other news