It has been reported that Google has just fixed a vulnerability in its Android operating system that would have allowed hackers to listen in to calls.
The vulnerability was present in Google’s Nexus 6 and 6P smartphones and gave hackers with USB access the ability to take over the onboard modem during boot up. This allowed them to listen to calls and intercept mobile data packets.
Roee Hay and Michael Goberman, from IBM’s X-Force Application Security Research Team – which discovered the vulnerability – have said that “this level of access to the Nexus 6 modem allows attackers to find the exact GPS co-ordinates with detailed satellite information, place phone calls, steal call information and access or change non-volatile (NV) items or the EFS partition”.
Ars Technica reported that the vulnerability “was complex to activate,” since it required the victim to have Android Debug Bridge (ADB) enabled on their devices. This is a debugging mode used by developers to load Android application packages (APK) onto phones.
The security flaw – named CVE-2016-8467 – also required users to have manually authorised ADB connectivity with an infected PC or charger.
According to Mr Hay and Mr Goberman, the Nexus 6P vulnerability “enables the ADB interface even if it was disabled in the developer settings user interface (UI)”. They added: “With access to an ADB-authorised PC, a physical attacker could open an ADB session with the device and cause the ADB host running under the victim’s PC to RSA-sign the ADB authentication token even if the PC is locked.”
They explained that this type of ADB connection would allow an attacker to install malware on a device. They went on to say that PC malware on an ADB-authorised machine “might also exploit CVE-2016-8467 to enable ADB and install Android malware,” adding that the PC malware “waits for the victim to place the device in the fastboot mode to exploit the vulnerability”.
It has not been announced if the researchers have found the flaw in other devices.