Google Patches Android Custom Boot Mode Vulnerability

A high-risk Android custom boot mode vulnerability was one of many bugs patched by Google as part of its January Android Security Bulletin released earlier this week. On Thursday, the IBM security team that discovered the vulnerability disclosed details about the flaw, which leaves Nexus 6 and 6P model handsets open to denial of service and elevation of privilege attacks.
According to IBM’s X-Force Application Security Research Team, the vulnerability (CVE-2016-8467) allows an attacker to use PC malware or malicious chargers to reboot a Nexus 6 or 6P device and implement a special boot configuration, or boot mode, which instructs Android to turn on various extra USB interfaces.
Those interfaces, according to Roee Hay and Michael Goberman, co-authors of the report, can be used by the attacker to gain access to the phone’s modem diagnostics interface where the adversary can manipulate functionality of the modem.
The most likely vectors for this type of attack, Hay said, are a USB cord that connects a Nexus device to a PC infected with malware, a physical attacker who gains access to the device, or a phone plugged into a malicious charger designed to perform a so-called juice-jacking attack.
Triggering the Android vulnerability isn’t difficult, according to X-Force. “The PC malware or malicious charger can boot the Nexus 6/6P device with the special boot mode configuration if Android Debug Bridge (ADB) is enabled on the device… Once connected, the victim must authorize the PC or charger on the device if it wasn’t permanently authorized before the attack,” Hay and Goberman wrote.
Next, the attackers can issue four commands (see right) to reboot the device with the special boot mode that enables access to the advanced modem interface. “Every future boot from this point forward will have the boot mode configuration enabled. This means the attack is persistent and no longer requires ADB to run, although it still requires USB access,” according to the researchers.
When asked whether a wider range of Android devices are vulnerable to these types of attacks, IBM said tests were limited to the Nexus family of devices. Neither Samsung's nor LG's January security bulletins list the vulnerability (CVE-2016-8467) highlighted in the X-Force report.
Once attackers gain access to the modem’s diagnostic settings they can be rejiggered to allow for the interception of Long-Term Evolution (LTE) data. With that type of access, adversaries can intercept phone calls, find the exact GPS coordinates of devices, place phone calls, steal call information and access or change nonvolatile items or the EFS partition, X-Force wrote in its report.
While this vulnerability impacts the Nexus 6, the Nexus 6P is affected to a lesser degree because modem diagnostics are disabled in its modem firmware, which prohibits the nefarious activities, according to X-Force. However, X-Force said, the vulnerability on the 6P enables the Android Debug Bridge interface even if it was disabled in the developer settings user interface.

“With access to an ADB-authorized PC, a physical attacker could open an ADB session with the device and cause the ADB host running under the victim’s PC to RSA-sign the ADB authentication token even if the PC is locked,” according to X-Force. “Such an ADB connection would enable an attacker to install malware on the device.”
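The risk described above hinges on which PCs a handset has permanently authorized for ADB. Android records each authorized host's RSA public key in its adb_keys list, one base64-encoded key per line followed by a comment that is normally user@host. The script below is an added example, not code from Threatpost, IBM X-Force or the Android project: it decodes that format (assumed here to be the 524-byte little-endian blob of len, n0inv, n[64], rr[64], exponent that adb's key encoder writes), reports each authorized host with a key fingerprint, and flags hosts outside an allow-list so an administrator can decide what to revoke. The key lines it audits are constructed in the script itself; the modulus values are illustrative, not real keys.

```python
"""Audit which PCs a device has authorized for ADB (added example, not the
article's or Android's own code).  Assumes the adb_keys line format is
base64(<524-byte RSA blob>) + " " + comment, as written by adb's key encoder:
little-endian uint32 len, n0inv, n[64], rr[64], exponent."""
import base64
import hashlib
import struct

RSA_NUM_WORDS = 64
KEY_BLOB_LEN = 4 + 4 + 4 * RSA_NUM_WORDS * 2 + 4  # 524 bytes


def build_key_line(modulus: int, exponent: int, comment: str) -> str:
    """Constructed sample input: encode a public key the way adb stores it.
    Real adb keys are 2048-bit RSA; n0inv and rr (Montgomery helpers) are
    left at zero because an audit never needs them."""
    n_words = [(modulus >> (32 * i)) & 0xFFFFFFFF for i in range(RSA_NUM_WORDS)]
    blob = struct.pack("<II", RSA_NUM_WORDS, 0)
    blob += struct.pack("<%dI" % RSA_NUM_WORDS, *n_words)
    blob += struct.pack("<%dI" % RSA_NUM_WORDS, *([0] * RSA_NUM_WORDS))
    blob += struct.pack("<I", exponent)
    return base64.b64encode(blob).decode() + " " + comment


def parse_adb_key(line: str) -> dict:
    """Decode one adb_keys line; raises ValueError on malformed input."""
    parts = line.strip().split(None, 1)
    if not parts:
        raise ValueError("empty line")
    blob = base64.b64decode(parts[0], validate=True)  # binascii.Error is a ValueError
    if len(blob) != KEY_BLOB_LEN:
        raise ValueError("unexpected key blob length %d" % len(blob))
    num_words = struct.unpack_from("<I", blob, 0)[0]
    if num_words != RSA_NUM_WORDS:
        raise ValueError("unexpected word count %d" % num_words)
    n_words = struct.unpack_from("<%dI" % RSA_NUM_WORDS, blob, 8)
    exponent = struct.unpack_from("<I", blob, 8 + 8 * RSA_NUM_WORDS)[0]
    modulus = sum(w << (32 * i) for i, w in enumerate(n_words))
    return {
        "comment": parts[1] if len(parts) > 1 else "",
        "modulus_bits": modulus.bit_length(),
        "exponent": exponent,
        # Fingerprint of the stored blob, enough to match a key across devices.
        "fingerprint": hashlib.sha256(blob).hexdigest()[:16],
    }


def audit_adb_keys(text: str, expected_hosts) -> list:
    """Return one finding per non-empty line: a decoded entry with an
    'unexpected' flag when its host is not allow-listed, or an 'error'."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        try:
            entry = parse_adb_key(line)
        except ValueError as exc:
            findings.append({"line": lineno, "error": str(exc)})
            continue
        host = entry["comment"].rsplit("@", 1)[-1] if "@" in entry["comment"] else ""
        entry["line"] = lineno
        entry["unexpected"] = host not in expected_hosts
        findings.append(entry)
    return findings


# Constructed adb_keys content: two well-formed entries and one corrupt line.
SAMPLE_MODULUS = (1 << 2047) + 12345  # illustrative 2048-bit value, not a real key
SAMPLE_ADB_KEYS = "\n".join([
    build_key_line(SAMPLE_MODULUS, 65537, "alice@workstation"),
    build_key_line(SAMPLE_MODULUS + 2, 65537, "bob@kiosk-pc"),
    "QUJD nobody@nowhere",
])


def run_audit() -> list:
    """Audit the constructed sample against an allow-list of one host."""
    return audit_adb_keys(SAMPLE_ADB_KEYS, {"workstation"})


if __name__ == "__main__":
    for f in run_audit():
        if "error" in f:
            print("line %d: malformed (%s)" % (f["line"], f["error"]))
        else:
            print("line %d: %s RSA-%d e=%d fp=%s%s" % (
                f["line"], f["comment"], f["modulus_bits"], f["exponent"],
                f["fingerprint"], "  <-- not in allow-list" if f["unexpected"] else ""))
```

On a real handset the same parser can be pointed at the device's own adb_keys list (the path varies by Android version); an entry for a host that nobody recognizes is the practical signal to use the "Revoke USB debugging authorizations" developer option, which is the mitigation for the ADB-authorized-PC scenario the researchers describe.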
Researchers also warned of additional USB interfaces that attackers can access, such as the modem AT interface – also vulnerable in Nexus 6. “By accessing that interface, an attacker can send or eavesdrop on SMS messages and potentially bypass two-factor authentication,” Hay and Goberman wrote.
According to Google, the vulnerability in the bootloader could enable both a denial of service condition and an elevation of privilege attack. In the case of the elevation of privilege attack, the threat is only rated as moderate “because it is a local bypass of user interaction requirements (access to functionality that would normally require either user initiation or user permission).”
In their report Hay and Goberman also explain a second, less severe vulnerability (CVE-2016-6678) impacting Nexus 6 and 6P models. The flaw is in the Motorola USBNet driver and could enable a local malicious application to access data outside of its permission levels. The issue was rated as moderate in the October Android Security Bulletin because it first requires compromising a privileged process, according to the Google bulletin.