Google plugs severe Android vulnerability that exposed devices to spying
Razer
g2s at riseup.net
Mon Jan 9 09:49:13 PST 2017
Malicious power chargers too!
The internet of things hates you.
Google has shut down a "high-severity" exploit in its Nexus 6 and 6P
phones which gave attackers with USB access the opportunity to take over
the onboard modem during boot-up—allowing them to listen in on
phonecalls, or intercept mobile data packets.
The vulnerability was part of a cluster of security holes found by
security researchers at IBM's X-Force all related to a flaw—tagged
CVE-2016-8467—in the phones' bootmode, which uses malware-infected PCs
and malicious power chargers to access hidden USB interfaces. Patches
were rolled out before the vulnerabilities were made public, in November
for the Nexus 6, and January for the 6P.
The exploit also allowed access to find the phone's "exact GPS
coordinates with detailed satellite information, place phone calls,
steal call information, and access or change nonvolatile items or the
EFS partition."
It was complex to activate, requiring the victim to have Android Debug
Bridge (ADB) enabled on their devices—a debugging mode used by
developers to load APKs onto Android phones—and to have manually
authorised ADB connectivity with the infected PC or charger. However,
according to the researchers, there were significant workarounds.
More:
http://arstechnica.com/security/2017/01/google-plugs-severe-android-bootmode-vulnerability/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 1891 bytes
Desc: not available
URL: <http://lists.cpunks.org/pipermail/cypherpunks/attachments/20170109/e103de8a/attachment.txt>
More information about the cypherpunks
mailing list