Google patches Nexus bug that lets hackers steal data from locked devices

IBM’s security team found the Nexus 5X glitch after discovering a bypass hole

Google has patched a security bug in its Nexus 5X smartphones that could have exposed sensitive user data stored on handsets, even if they were locked.

IBM's security team found the Nexus 5X glitch after discovering a bypass hole: a bootloader problem that could allow hackers to dump memory from locked phones, including wholesale memory dumps over a USB connection such as a charger.

IBM X-Force research lead Roee Hay said exploiting the flaw was simple and only required a device to be put into fastboot mode.

"A vulnerability in Nexus 5X's bootloader allows an attacker to obtain a full memory dump of the device," said Hay. "The vulnerability can be exploited by physical attackers or by non-physical ones having Android Debug Bridge [ADB] access to the device."


One possible scenario where a non-physical attacker can get ADB access is by first targeting an ADB-authorised developer's PC and infecting it with malware, the IBM researchers said.

Another way is by using malicious chargers targeting ADB-enabled devices. "Using such chargers requires the victim to authorise the charger once connected," the IBM team said.

In this instance, the victim is a Nexus 5X user with Android 6.0 MDA39E through 6.0.1. To carry out a successful attack, the attacker needs to reboot the phone into the well-known 'fastboot' mode, which can be done without any authentication.

"A physical attacker can do this by pressing the 'Volume Down' button during device boot," said IBM Security Intelligence. "An attacker with ADB access can do this by issuing the 'adb reboot bootloader' command. The fastboot mode exposes a USB interface, which on locked devices must not allow any security sensitive operation to be commanded."

However, IBM discovered that if the attacker issued the 'fastboot oem panic' command via the fastboot USB interface, the bootloader would be forced to crash.

The research team explained that such a crash caused the bootloader to expose a serial-over-USB connection, which allowed them to fetch a full memory dump of the device, using tools such as QPST Configuration. They were then able to expose the users' personal data.

Luckily, Google has patched the security bug since IBM's discovery. To make sure your device is safe from the attack, visit the Google website and download the most up-to-date Nexus software option.
