Google Patches Difficult Nexus 6P and Nexus 6 Exploit

The Nexus 6 devices enable interception of communications by attackers, such as SMS and phone calls, whereas current days' limitations on the even latest 6p model prevent theft of text messages by the same attackers.

The security flaw belonged to an assortment of loopholes that IBM's X-Force had discovered and which all associated with the CVE-2016-8467 vulnerability within the smart-phones' bootmode that utilizes malevolent power charges and malware-tainted computers for gaining admission into concealed USB interfaces. Mmaringreport.com posted this, January 10, 2017.

Interestingly what IBM's security researchers revealed pertained to hackers' ability to start off a disabled USB. Following a successful effort, the same hackers were chanced with filching information for e.g., the mobile phones' IMEI numbers; locating sources of calls as well as tracing GPS coordinates. Besides, within EFS partition, the attackers were chanced to alter the items too.

As per Michael Goberman and Roee Hay, researchers from IBM X-Force Application Security Research Team, who divulged more information on the security flaw within certain blog post, exploitation of the vulnerability provides hackers admission into interfaces that provide extra control over any hijacked phone.

There is special concern about modem diagnostics platform of Nexus 6 since reaching this interface allows the attackers to gain entry into the modem that weakens "integrity and confidentiality," according to the team.

Rebooting can be done via leveraging Android Debug Bridge a kind of debugging module that developers also use to side-load application suites of Android. By gaining hold over the modem, con artists can eavesdrop or make phone calls, filch call information, pick up mobile data packages, and find out the accurate GPS coordinates of a device together with thorough satellite info.

The modem patch, which Google tried introducing, fortunately was a solution brought out even prior to end-users encountering possible untoward incidents, while primarily stopping the hackers towards wreaking havoc.

Luckily, Google was able in silently fixing the exploit using one program update to support Nexus 6 issued during November and Nexus 6P in January. Apparently, a solution to the problem was found prior to exploitation of the vulnerability within both the phones.

» SPAMfighter News - 1/16/2017