14 DAY TRIAL // Google has fixed a vulnerability in the Nexus 5X Android images that would have allowed an attacker to dump the phone's memory and extract sensitive information via a USB port.
The vulnerability was discovered by IBM's X-Force team and affected Android images deployed only on LG Nexus 5X devices. The vulnerable versions are 6.0 MDA39E through 6.0.1 MMB29V (or bootloaders bhz10i to bhz10k).
Google fixed the problem with Nexus 5X Android image MHC19J (or bootloader bhz10m).
IBM: Exploitation is straightforward
To vulnerability is easy to exploit, according to IBM, but the attack surface may be small. The company says that it can be used only against Nexus 5X devices that have the Android Debug Bridge (ADB) feature turned on.
Physical access is not needed. An attacker can infect a Nexus 5X owner's PC or smart charger with malware. When the user connects the phone to their PC or charger (using the USB cable), the malware could exploit the flaw and dump the handset's memory.
This happens because the malware can send commands to the ADB terminal, crashing it during a forced reboot. The malware then uses other tools to extract the phone's memory, from where researchers said they were able to recover the password they set up for a device used during tests.
The vulnerability can also be exploited with physical access to the device, but sending all the commands by hand, instead of using automated scripts that the above-mentioned malware scenario uses.
Most users are likely already protected
While the attack surface is small thanks to the low number of potentially affected devices, let's remember that Nexus devices receive security updates on a regular basis from Google itself.
IBM says that this issue was fixed in March, almost six months ago, and Nexus users had ample time to update their devices.
