Google has updated the Android mobile operating system to address the dangerous Bootmode exploit, which exposes several devices to spying.
The Bootmode Android Vulnerability Has Been Fixed (CVE-2016-8467)
Google has issued a security update that fixes a dangerous vulnerability classified as high severity that affects the Nexus 6 and Nexus 6P devices. The issue allows attackers with physical USB access to the smartphones to take over the on-board modem during operating system boot-up. As a consequence they can intercept mobile data packets and listen in on phone calls. The vulnerability was discovered as part of several security holes identified by security experts at IBM's X-Force team. It is tracked under the CVE-2016-8467 advisory.
The Bootmode exploit also allows the attackers to find the device's exact GPS coordinates with detailed satellite information, initiate phone calls, intercept call information and access or change nonvolatile items or the EFS partition itself. The victims need to have ADB (Android Debug Bridge) enabled on their smartphones. This is a special environment used by developers which allows them to load APK installers onto Android devices. In addition, a special authorized ADB connection must be created. However, according to the experts who identified the problem, there are several ways around this requirement. An excerpt of the report reads the following:
The vulnerability in 6P enables the ADB interface even if it was disabled in the developer settings user interface. With access to an ADB-authorised PC, a physical attacker could open an ADB session with the device and cause the ADB host running under the victim’s PC to RSA-sign the ADB authentication token even if the PC is locked.
Such an ADB connection would enable an attacker to install malware on the device. PC malware on an ADB-authorised machine might also exploit CVE-2016-8467 to enable ADB and install Android malware. The PC malware waits for the victim to place the device in the fastboot mode to exploit the vulnerability.
Once this is achieved, and if the attackers have USB access, they can reboot the device into a special bootmode which permanently enables the additional interfaces. Testing has confirmed that the older Nexus 6 phone was more vulnerable to the attack than the 6P, which has the modem diagnostics feature disabled in the firmware itself.
Fortunately the issue was fixed before it was made public – the necessary updates were issued in November for the Nexus 6 and in January 2017 for the 6P.
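For administrators who still have these phones in a fleet, the following triage script is an added example (not from the article, Google or IBM) that decides from the values a device reports whether it is past the fix months the article gives and whether ADB is reachable from an authorised host. It assumes the device reports its model as "Nexus 6" or "Nexus 6P" in ro.product.model and its patch level as YYYY-MM-DD in ro.build.version.security_patch; the check functions take those values as arguments so they can be exercised without a device.

```shell
#!/bin/sh
# Added triage helper for CVE-2016-8467 (not code from the article or the vendors).
# Fix months are the ones the article states: November 2016 (Nexus 6), January 2017 (6P).

# Arguments: ro.product.model and ro.build.version.security_patch (YYYY-MM-DD).
# Exit status: 0 = patched, 1 = still exposed, 2 = model not affected or malformed input.
bootmode_patch_status() {
    model="$1"
    patch_level="$2"
    case "$model" in
        "Nexus 6")  fixed_from=201611 ;;
        "Nexus 6P") fixed_from=201701 ;;
        *)          return 2 ;;
    esac
    # Reduce "2016-11-05" to the integer 201611 so that months compare numerically.
    patch_month=$(printf '%s' "$patch_level" | cut -c1-7 | tr -d '-')
    case "$patch_month" in
        [0-9][0-9][0-9][0-9][0-9][0-9]) ;;
        *) return 2 ;;
    esac
    [ "$patch_month" -ge "$fixed_from" ]
}

# Arguments: model, patch level, and the value of `settings get global adb_enabled`.
# Prints a one-line assessment; exit status 0 means ADB is effectively reachable from
# an authorised host (the precondition the attack relies on), 1 otherwise.
adb_exposure() {
    model="$1"; patch_level="$2"; adb_enabled="$3"
    if [ "$adb_enabled" = "1" ]; then
        echo "USB debugging is on: revoke authorisations and disable it if it is not needed"
        return 0
    fi
    # The report says the 6P flaw enables ADB even when it is disabled in developer settings,
    # so on an unpatched 6P the setting alone is not a reliable indicator.
    if [ "$model" = "Nexus 6P" ] && ! bootmode_patch_status "$model" "$patch_level"; then
        echo "USB debugging is off, but an unpatched 6P can have ADB re-enabled from bootmode"
        return 0
    fi
    echo "USB debugging is off and the device is not in an exposed state"
    return 1
}

# Live use: requires an attached device that has authorised this host for USB debugging.
triage_attached_device() {
    m=$(adb shell getprop ro.product.model | tr -d '\r')
    p=$(adb shell getprop ro.build.version.security_patch | tr -d '\r')
    a=$(adb shell settings get global adb_enabled | tr -d '\r')
    if bootmode_patch_status "$m" "$p"; then echo "$m: patched ($p)"; else echo "$m: check patch level ($p)"; fi
    adb_exposure "$m" "$p" "$a"
}
```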