

Google’s Android security team has patched a vulnerability that left Nexus 5X devices open to attack even if the phone’s screen was locked. The vulnerability in Google’s line of phones would have allowed an adversary to exfiltrate data from the targeted phone via a forced memory dump of the device.

Researchers at IBM’s X-Force Application Security Research Team discovered the flaw several months ago and worked with Google on a patch that was deployed recently. Disclosure of the vulnerability was shared by IBM’s X-Force team on Thursday.

According to X-Force, the vulnerability was “undocumented” and is tied to LG-manufactured Nexus 5X devices running Android OS images 6.0 MDA39E through 6.0.1 MMB29V or running bootloaders bhz10i/k. Researchers said they are unaware of known public exploits of this vulnerability.

“The vulnerability would have permitted an attacker to obtain a full memory dump of the Nexus 5X device, allowing sensitive information to be exfiltrated from the device without it being unlocked,” according to Roee Hay, application security research team leader at X-Force.

The forced memory dump was accomplished with either physical or nonphysical access to the Nexus 5X phones via the Android Debug Bridge (ADB), a command-line tool used by Android developers to communicate with USB-connected Android devices.

With physical access to the locked Nexus phone, an attacker would first press the device’s volume down button during device boot, which puts the phone into “fastboot mode.” This step does not require user authentication and opens up access to the phone via the Android OS’ USB interface.

An adversary would leverage Android’s ADB function to execute a “fastboot oem panic” command. This opens the door for an attacker to cause the Android “bootloader to expose a serial-over-USB connection, which would allow an attacker to obtain a full memory dump of the device using tools such as QPST Configuration,” Hay explains in a post detailing the vulnerability. The resulting memory dump of files would then be available for local (USB-attached PC) retrieval.

Using Android OS developer tools, attackers can sift through memory dump data and retrieve the device’s lock-screen password.
