Google’s Android security team has patched a vulnerability that left Nexus 5X devices open to attack even while the phone’s screen was locked. Researchers at IBM’s X-Force Application Security Research Team discovered the flaw several months ago and worked with Google on a patch that was deployed recently. IBM’s X-Force team published the details of the vulnerability on Thursday.
The vulnerability allowed an attacker with Android Debug Bridge (ADB) access to the phone, or with the phone in hand, to obtain a full memory dump of the device even when it was locked. ADB is the command-line tool developers use from a PC to control a USB-connected Android device.
According to IBM, the bug affects all Nexus 5X images prior to the fixed one and is straightforward to exploit. In one scenario, an attacker who has no physical access to the phone infects with malware a developer’s PC that the phone has already authorized for ADB. In another, the handset is plugged into a malicious charger; this works only on devices that have ADB enabled, and the target would also have to authorize the charger once it was connected.
“The attacker reboots the phone into fastboot mode, which can be done without any authentication. A physical attacker can do this by pressing the volume-down button during device boot. An attacker with ADB access can do this by issuing the adb reboot bootloader command,” IBM explained. The attacker then issues the “fastboot oem panic” command (fastboot is ADB’s companion command-line tool for talking to the bootloader). This causes the Android “bootloader to expose a serial-over-USB connection, which would allow an attacker to obtain a full memory dump of the device using tools such as QPST Configuration,” Roee Hay of IBM X-Force explains in a post detailing the vulnerability. The resulting memory dump can then be pulled to the USB-attached PC.
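The attack chain above needs two things from the ADB-based scenarios: a host the phone has already authorized for ADB, and a Nexus 5X build that predates the fix. The following POSIX shell script is an added example, not code from IBM X-Force, Google or the article, that audits the devices attached to a PC for exactly those preconditions. It assumes `adb` from the Android SDK platform-tools is on PATH, that the Nexus 5X reports the device codename `bullhead` (a known fact about the device, not stated in the article), and, because the article gives no date, that the security patch level you consider fixed is passed in as an argument in `YYYY-MM-DD` form.

```shell
#!/bin/sh
# Added example (not from IBM X-Force or the article). Audits USB-attached
# Android devices for the preconditions of the Nexus 5X bootloader attack:
# an ADB-authorized host and a build older than the fixed patch level.
# Assumptions: `adb` is on PATH; the fixed patch level (YYYY-MM-DD) is $1
# because the article does not give it; Nexus 5X codename is "bullhead".

# Turn `adb devices` output into "serial state" lines. State is "device"
# (this host is ADB-authorized), "unauthorized" (the phone has not accepted
# this host's key) or "offline". The header and blank lines are skipped.
parse_adb_devices() {
    while read -r serial state _rest; do
        case "$serial" in
            ''|List) continue ;;
        esac
        if [ -n "$state" ]; then
            printf '%s %s\n' "$serial" "$state"
        fi
    done
}

# Patch levels are YYYY-MM-DD, so stripping the dashes gives an integer that
# orders them. Returns 0 when the installed level is at or past the required one.
patch_is_current() {
    req=$(printf '%s' "$1" | tr -d -)
    inst=$(printf '%s' "$2" | tr -d -)
    [ -n "$inst" ] && [ "$inst" -ge "$req" ]
}

# Map one device's ADB state, product codename and patch level onto what it
# means for the attack described in the article.
#   classify_device <state> <required_patch> <product> <installed_patch>
classify_device() {
    state=$1; required=$2; product=$3; installed=$4
    case "$state" in
        unauthorized) echo UNAUTHORIZED ;;          # ADB path from this host is closed
        device)
            if [ "$product" != bullhead ]; then
                echo NOT_NEXUS_5X                   # article covers the 5X only
            elif patch_is_current "$required" "$installed"; then
                echo PATCHED
            else
                echo VULNERABLE                     # authorized host + unfixed build
            fi ;;
        *) echo OFFLINE ;;
    esac
}

# Live run: query every attached device. getprop fails on unauthorized devices,
# which is fine because classify_device never looks at those fields for them.
audit_attached() {
    required=$1
    adb devices | parse_adb_devices | while read -r serial state; do
        product=$(adb -s "$serial" shell getprop ro.product.device 2>/dev/null | tr -d '\r')
        patch=$(adb -s "$serial" shell getprop ro.build.version.security_patch 2>/dev/null | tr -d '\r')
        printf '%s %s\n' "$serial" "$(classify_device "$state" "$required" "$product" "$patch")"
    done
}

# Usage: sh audit_nexus5x.sh 2016-MM-DD   (only runs when adb is installed)
if [ -n "$1" ] && command -v adb >/dev/null 2>&1; then
    audit_attached "$1"
fi
```

A result of UNAUTHORIZED only means the ADB route from this particular PC is closed; it says nothing about the physical route, since a volume-down reboot into fastboot needs no authorization at all. An unpatched Nexus 5X is therefore exposed to anyone holding it regardless of what this audit reports, and the only real fix is the update.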
IBM also found that, because of the bootloader bug, an attacker could recover the phone’s password from the memory dump. That is what makes the flaw so serious: it opens a pathway to further attacks on the device and its owner.
The good news is that Nexus 5X owners can now download the update that closes this hole. As usual, they should install the OTA (over-the-air) update as soon as it is available.
Source : IBM
via : ZDnet