Google had another problem on its mind and it had to do with a security flaw that could allow attackers to intercept communications (SMS and phone calls) on the Nexus 6, while from the Nexus 6P, hackers could have stolen text messages.
IBM’s X-Force has discovered the security flaw that belongs to some loopholes associated with the CVE-2016-8467 vulnerability within the device’s bootmode. Mmaringreport has reported that this flaw utilized malevolent power charges and malware-tainted computers, which allowed attackers to gain admission into concealed USB interfaces.
IBM’s security researchers have found out that hackers could start off a disabled USB and then obtain the phone’s IMEI number, locate sources of calls and trace GSP coordinates, or alter the items within EFS partition. Michael Goberman and Roee Hay, two researchers from IBM X-Force Application Security Research Team, have offered more information about the security flaw, explaining that hackers could gain extra control over the hijacked devices, after exploiting the vulnerability to break into interfaces.
The researchers are concerned that after reaching this interface on the Nexus 6, the hackers could gain access into the modern that makes “integrity and confidentiality” weaker. The device can be rebooted via leveraging Android Debug Bridge, then con artists hold over the modem and manage to make phone calls, hijack data packages and obtain the exact GPS coordinates of the phone, using satellite info.
Google introduced a modem patch on time and prevented possible unwanted incidents, stopping the hackers from messing around with devices affected by the security flaw. The exploit was silently fixed using one program update to Nexus 6 (back in November) and Nexus 6P (in January). The solution was brought before hackers could exploit the vulnerability within both the Nexus 6 and Nexus 6P.
Fortunately, Google was able to prevent a disaster, but it’s not guaranteed that in the future, the hackers won’t find other vulnerabilities to exploit.