Vulnerability in Nexus 6 bootloader allowed eavesdropping on conversations
Google has patched a serious security vulnerability in the Nexus 6 and Nexus 6P. An attacker could take over the modem and then eavesdrop on conversations and intercept mobile data packets. The Nexus 6P was also vulnerable, but the attacker's options were more limited there.
The vulnerability was in the bootloaders. To carry out the exploit, an attacker first had to infect the target’s PC with malware. This malware in turn infected the device when it was connected to the computer via USB. The malware then rebooted the device and enabled certain USB settings. After that, the modem was open to takeover, and GPS coordinates, telephone conversations and mobile data could be intercepted.
When Android Debug Bridge (ADB) mode is active on the phone, the exploit can even survive a reboot. If it is not, the malware on the PC must re-infect the phone after the reboot.
The Nexus 6P partly escaped because modem diagnostics are disabled by default on this device. Attackers could still access the target’s text messages via the same route. They were also able to bypass two-step authentication, view certain information about the device and “a lot more”, writes IBM Security Intelligence, which investigated the security holes.
The updates for the vulnerability, tracked as CVE-2016-8467, were released for the Nexus 6 in November and for the Nexus 6P in January. Only then were the vulnerabilities made public.