Google has patched a security bug in its Nexus 5X smartphones that could have exposed sensitive user data stored on handsets, even if they were locked.
IBM's security team found the Nexus 5X glitch after discovering a bypass hole that could allow hackers to dump memory from locked phones via a bootloader problem that could also facilitate wholesale memory dumps via USB, such as a charger.
IBM X-Force research lead Roee Hay said exploiting the flaw was simple and only required a device to be put into fastboot mode.
"A vulnerability in Nexus 5X's bootloader allows an attacker to obtain a full memory dump of the device," said Hay. "The vulnerability can be exploited by physical attackers or by non-physical ones having Android Debug Bridge [ADB] access to the device."
One possible scenario where a non-physical attacker can get ADB access is by first targeting an ADB-authorised developer's PC and infecting it with malware, the IBM researchers said.
Another way is by using malicious chargers targeting ADB-enabled devices. "Using such chargers requires the victim to authorise the charger once connected," the IBM team said.
In this instance, the victim is a Nexus 5X user with Android 6.0 MDA39E through 6.0.1. In order to achieve a successful attack, the attacker needs to reboot the phone into the well-known fastboot' mode, which can be done without any authentication.
"A physical attacker can do this by pressing the Volume Down' button during device boot," said IBM Security Intelligence. "An attacker with ADB access can do this by issuing the adb reboot bootloader' command. The fastboot mode exposes a USB interface, which on locked devices must not allow any security sensitive operation to be commanded."
However, what IBM discovered was that if the attacker issued the fastboot oem panic' command via the fastboot USB interface, the bootloader would be forced to crash.
The research team explained that such a crash caused the bootloader to expose a serial-over-USB connection, which allowed them to fetch a full memory dump of the device, using tools such as QPST Configuration. They were then able to expose the users' personal data.
Luckily, Google has patched the security bug since IBM's discovery. To make sure your device is safe from the attack, visit the Google website and download the most up to date Nexus software option.
-
Bigger salaries, more burnout: Is the CISO role in crisis?In-depth CISOs are more stressed than ever before – but why is this and what can be done?
-
Cheap cyber crime kits can be bought on the dark web for less than $25News Research from NordVPN shows phishing kits are now widely available on the dark web and via messaging apps like Telegram, and are often selling for less than $25.
-
Capita tells pension provider to 'assume' nearly 500,000 customers' data stolenCapita told the pension provider to “work on the assumption” that data had been stolen
-
Gumtree site code made personal data of users and sellers publicly accessibleNews Anyone could scan the website's HTML code to reveal personal information belonging to users of the popular second-hand classified adverts website
-
Pizza chain exposed 100,000 employees' Social Security numbersNews Former and current staff at California Pizza Kitchen potentially burned by hackers
-
83% of critical infrastructure companies have experienced breaches in the last three yearsNews Survey finds security practices are weak if not non-existent in critical firms
-
Identity Automation launches credential breach monitoring serviceNews New monitoring solution adds to the firm’s flagship RapidIdentity platform
-
Neiman Marcus data breach hits 4.6 million customersNews The breach took place last year, but details have only now come to light
-
Indiana notifies 750,000 after COVID-19 tracing data accessedNews The state is following up to ensure no information was transferred to bad actors
-
Pearson fined $1 million for downplaying severity of 2018 breachNews The SEC found the London-based firm made “misleading statements and omissions” about the intrusion
