Malicious power chargers too!
   The internet of things hates you.

   Google has shut down a "high-severity" exploit in its Nexus 6 and 6P
   phones which gave attackers with USB access the opportunity to take
   over the onboard modem during boot-up—allowing them to listen in on
   phonecalls, or intercept mobile data packets.
   The vulnerability was part of a cluster of security holes found by
   security researchers at IBM's X-Force all related to a flaw—tagged
   CVE-2016-8467—in the phones' bootmode, which uses malware-infected PCs
   and malicious power chargers to access hidden USB interfaces. Patches
   were rolled out before the vulnerabilities were made public, in
   November for the Nexus 6, and January for the 6P.
   The exploit also allowed access to find the phone's "exact GPS
   coordinates with detailed satellite information, place phone calls,
   steal call information, and access or change nonvolatile items or the
   EFS partition."
   It was complex to activate, requiring the victim to have Android Debug
   Bridge (ADB) enabled on their devices—a debugging mode used by
   developers to load APKs onto Android phones—and to have manually
   authorised ADB connectivity with the infected PC or charger. However,
   according to the researchers, there were significant workarounds.
   More:
   [1]http://arstechnica.com/security/2017/01/google-plugs-severe-android-
   bootmode-vulnerability/

References

   1. http://arstechnica.com/security/2017/01/google-plugs-severe-android-bootmode-vulnerability/