News

Leak in Nexus 6 bootloader allowed eavesdropping on conversations

By admin
Spread the love

Google has patched a serious security breach in the Nexus 6 and Nexus 6P. A malicious person could hack into the modem and then eavesdrop on conversations and intercept mobile data packets. The Nexus 6P was also vulnerable, but its capabilities were more limited there.

The vulnerability was in the bootloaders. To perform the exploit, an attacker had to infect the target’s PC with malware. This malware in turn infects the device when it is connected to the computer via USB. The malware then reboots the device and enables certain USB settings. After that, the modem is open to takeover and GPS coordinates, telephone conversations and mobile data can be intercepted.

When the Android debug bridge mode is active on the phone, the exploit can even survive a reboot. If not, then the malware on the PC must re-infect the phone after the reboot.

The Nexus 6P partly escaped because the modem diagnostics are disabled by default with this device. Attackers could still access the target’s text messages via the same route. They were also able to bypass two-step authentication, view certain information about the device and “a lot more”, writes IBM Security Intelligence, which investigated the security holes.

The updates for the vulnerability, named CVE-2016-8467, were made for the Nexus 6 in November and for the Nexus 6P in January. Only then were the vulnerabilities made public.

You might also like
News

Rumor: Apple is working on its own applications based on a large language model

News

EU Council determines position on security requirements for digital products

News

Meta introduces open source language model Llama 2, works on PCs and phones

News

Brave sells web content as data for AI training

News

Xbox Community CEO Larry ‘Major Nelson’ Hryb is leaving Microsoft after…

News

Valve releases major Team Fortress 2 update with community maps and new taunts