Google plugs serious Nexus vulnerability in latest security update

Google plugs serious Nexus vulnerability in latest security update

Google’s monthly Android security patches are always imperative for whichever phones are able to get them, but the January bundle is of particular importance to Nexus 6 and 6P owners. As spotted by Ars Tehcnica UK, Googe has plugged a “high-severity” exploit in its latest patch that could allow attackers to listen in on calls and steal data.

Only brought to light last week by IBM’s X-Force Exchange, the vulnerability in the two phone models opens access to hidden USB interfaces. According to the report, “By rebooting the device with custom bootmodes, an attacker could exploit this vulnerability to override a secure USB configuration and gain elevated privileges on the system, cause a local permanent denial of service and exfiltrate sensitive information.” The researchers warned that the exploit could result in “data theft, data destruction, (and) data corruption.”

As Ars Technica UK explains, older Nexus 6 phones were more vulnerable than the 6P, “but (the newer phone’s firmware) could still be used to break into the modem’s AT interface. That interface would let attacks send or eavesdrop on SMS messages and potentially bypass two-factor authentication.” The patch is among numerous high- and critical-severity vulnerabilities that the January update plugs.

The impact on you at home: If you own a Nexus 6 and 6P that has been updated to Nougat, it should automatically install the security patch as soon as it’s available. But whenever major flaws like this pop up, it’s a good idea to exercise some due diligence on whatever phone you’re running, and check to see if it’s up to date. And if your phone is still running Marshmallow, check the settings to see if you can enable automatic security updates.

IDG Insider

PREVIOUS ARTICLE

«Google wants you to Tango through exhibits at Detroit museum

NEXT ARTICLE

AMD Ryzen CPUs: 7 all-new details revealed at CES 2017»
author_image
IDG Connect

IDG Connect tackles the tech stories that matter to you

Add Your Comment

Most Recent Comments

Our Case Studies

IDG Connect delivers full creative solutions to meet all your demand generatlon needs. These cover the full scope of options, from customized content and lead delivery through to fully integrated campaigns.

images

Our Marketing Research

Our in-house analyst and editorial team create a range of insights for the global marketing community. These look at IT buying preferences, the latest soclal media trends and other zeitgeist topics.

images

Poll

Will Kotlin overtake Java as the most popular Android programming language in 2018?