Quantcast
Channel: CodeSection,代码区,网络安全 - CodeSec
Viewing all articles
Browse latest Browse all 12749

Google just fixed a serious Android security vulnerability

0
0

Over the years, Android has become one of hackers’favorite targets, and there are plenty of reports detailing various malware attacks against Android devices. One of the most recent ones revealed that Russia found a way to track Ukrainian artillery sites by targeting soldiers’ phones with Android malware. At the same time, Google is busy patching the various security vulnerabilities that are discovered by hackers, and the company has just plugged a severe bootmode issue that could haveexposed devices to spying.

Don't Miss : Samsung accidentally confirmed one of the Galaxy S8’s headline features

The vulnerability, Ars Technica reports , is part of a series of Nexus 6 and Nexus 6P security holes found byIBM’s X-Force, all related to a flaw in the phone’s bootmode, that’s tagged CVE-2016-8467. Using this security hole, hackers would be able to remotely access the modem and eavesdrop on calls. The exploit also allowed attackers to find ”exact GPS coordinates with detailed satellite information, place phone calls, steal call information, and access or change nonvolatile items or the EFS partition.”

Patches were rolled out in November for the Nexus 6 and in January for the Nexus 6P before the issue was made public. However, other Android devices won’t get them as fast.

Before you freak out, you should know that the malware also involves other components, including malware-infected PCs, and malicious power chargers so that it can access hidden USB interfaces. Moreover, the victim would have to have Android Debug Bridge enabled on their devices and manually authorize ADB connectivity with the infected PC or charger for it to work.

The IBM researchers only singled out the Nexus 6 and Nexus 6P as devices that can be affected by the hack.

Hopefully, other devices can’t also be attacked in a similar manner. After so many years, Google still can’t control Android updates for vendor handsets. Device makers and mobile operators are still deeply involved in the process, meaning that any fixes Google releases will not be available immediately onany other devices.


Viewing all articles
Browse latest Browse all 12749