Attackers could place phone calls or intercept mobile data

Jan 9, 2017 22:28 GMT

Google has patched a high-severity vulnerability in the Nexus 6 and Nexus 6P smartphones, manufactured by Motorola and Huawei, respectively. Attackers who had USB access could have taken over the onboard modem on the phones during boot-up.

Access to the onboard modem would further grant them the opportunity to listen in on phone calls or intercept mobile data packets, Ars Technica reports. It appears that the vulnerability was part of a cluster of security holes related to a flaw in the phones’ boot mode. Attackers could use malware-infected computers and malicious power chargers to access hidden USB interfaces.

The exploits were discovered by a team at IBM X-Force. Phones that had the Android Debug Bridge (ADB) enabled were especially vulnerable to the exploit. The ADB is a mode often used by app developers in order to load APKs on Android phones.

Still, the team from IBM X-Force said that attackers could use other workaround methods to activate the ADB and get access to the phone’s modem. After getting USB access, attackers would have to reboot the phones into a special boot mode that enabled the additional interfaces they might further need.

Google patched the exploits with a software update

The exploit allowed attackers to place phone calls, steal call information from the two devices or find the phone’s exact GPS coordinates. They could also access or change items in the EFS partition, which contains information like the IMEI number, serial number or the phone’s product code. Loss of files in this partition could lead to the phone not being recognized by your carrier on the network.

The fact that the Nexus 6 had modem diagnostics disabled in the firmware made this phone model more vulnerable compared to the 6P. However, there were ways to get control over the device and send or read text messages and even bypass two-factor authentication.

Fortunately, Google managed to quietly patch up the exploit with a software update for the Nexus 6 released in November and for the Nexus 6P earlier this month. It seems that the issue was solved before anyone could exploit the flaw in the two phones.