Google patches severe Android boot mode vulnerability

Google has resolved a dangerous Android vulnerability which allowed attackers to reboot Nexus devices into custom boot modes, leading to spying and remote attacks.
Patched as part of Google’s January Android security bulletin, the flaw, CVE-2016-8467, grants cyberattackers the ability to use PC malware or malicious chargers to reboot a Nexus 6 or 6P device and implement a special boot configuration, or boot mode, which instructs Android to turn on various extra USB interfaces.
According to IBM X-Force Application Security Research Team researchers Roee Hay and Michael Goberman, who revealed further details of the vulnerability in a blog post, the flaw gives attackers access to interfaces which offer additional control over a compromised device.
In particular, the Nexus 6's modem diagnostics interface is of concern, as accessing it gives attackers access to the modem, which compromises “confidentiality and integrity,” the team says.
Once an attacker has gained access to the modem they can intercept phone calls, for example. It would also be possible to sniff mobile data packets and grab information including GPS coordinates of the device for tracking, place phone calls, steal call information and either access or change nonvolatile (NV) items or the EFS partition of a device.
IBM says that if Android Debug Bridge (ADB) is enabled on the device, PC malware or a malicious charger can boot the target device with the special boot mode configuration. Once connected, the user is forced to accept the PC or charger permanently, a few commands are issued, and the device is rebooted.
“Every future boot from this point forward will have the boot mode configuration enabled,” IBM says. “This means the attack is persistent and no longer requires ADB to run, although it still requires USB access.”
“Therefore, the attacker only needs the victim to enable ADB once,” the researchers added. “Moreover, a lucky attacker might wait for the device to be in fastboot mode, which requires no authorization from the victim. This, however, is less likely.”
If attackers have physical access to the device, they can also reboot it into the custom boot mode manually.
These issues are less severe on the Nexus 6P due to firmware protections. However, a quirk in the device type means attackers can open ADB sessions even if the mode has been disabled.
In addition, due to the inclusion of additional USB interfaces in both device types, attackers can also access other interfaces to send or eavesdrop on SMS messages and potentially bypass two-factor authentication, escalate privileges, change radio settings and access a wide range of mobile device features.
Google has now patched the flaw by forbidding a locked bootloader to boot with the dangerous boot modes.
In December, researchers revealed that a new variant of Android malware called Gooligan was exploiting unpatched vulnerabilities to steal sensitive user data.