The IBM X-Force Application Security Research Team recently discovered a previously undocumented vulnerability in older versions of Nexus 5X’s Android images (6.0 MDA89E through 6.0.1 MMB29V or bootloaders bhz10i/k). The first nonvulnerable version is MHC19J (bootloader bhz10m), released in March 2016.

The vulnerability would have permitted an attacker to obtain a full memory dump of the Nexus 5X device, allowing sensitive information to be exfiltrated from the device without it being unlocked. Clearly such an ability would have been very appealing to thieves. Fortunately, IBM is not aware of any exploitation attempts of this vulnerability.

The vulnerability could have been exploited by physical or nonphysical attackers with Android Debug Bridge (ADB) access to the device. A nonphysical attacker could gain ADB access by infecting an ADB-authorized developer’s PC with malware or by using malicious chargers targeting ADB-enabled devices. Using such chargers requires the victim to authorize the charger once connected.

IBM disclosed this issue to Android a few months ago, and the Android Security Team recently acknowledged it was patched.

Behind the Curtain of the Nexus 5X Vulnerability

The vulnerability and its exploitation are rather straightforward: The attacker reboots the phone into fastboot mode, which can be done without any authentication.