Boot Mode Vulnerability Fixed on Android Nexus Devices

Jan 10, 2017

There was a very dangerous vulnerability on Android that would allow a criminal hacker to get into Nexus devices through a custom boot mode. Good news for Android users today, as Google announced that this critical vulnerability has been fixed.

Google Fixes Boot Mode Vulnerability on Android Nexus

This vulnerability affected Nexus devices and could allow remote attacks or spying through the custom boot mode feature. Basically, an attacker could reboot the Nexus device into that custom boot mode and, from there, end up controlling the device or stealing information. The fix was part of the Android security bulletin for January, and the issue is tracked as CVE-2016-8467.

The vulnerability on the Android Nexus devices could allow someone to use a malicious charger, or malware on a PC, to reboot the Nexus device. Once the Nexus 6 or Nexus 6P was rebooting, a custom boot configuration could be applied that told Android to turn on additional interfaces. IBM X-Force Application Security Research Team members said this vulnerability is critical because it could give the attacker access to those interfaces. These special interfaces could allow the hacker to control the device remotely without the Android user even knowing.

When it comes to the Nexus 6 specifically, the diagnostics interface is what was really worrisome. This is because the modem diagnostics interface could allow the hacker to access the modem. If that happened, you could wind up with a lot of information being stolen and the device being taken over by the hacker. After that hacker gets control of the modem, they could end up intercepting information or services like phone calls or mobile data packets. The mobile data packets contain sensitive information like your GPS coordinates. This could allow someone to steal call information, track the Android user, access and change nonvolatile items, and even place phone calls on your device.

IBM was really concerned because of something known as the Android Debug Bridge on the Nexus devices. If this is enabled on the Android device, a malicious charger or PC malware could end up booting the Android device into the special boot mode. The Android user would first have to permanently accept the charger or PC; commands could then be issued to the device, and the Android device would reboot, handing the hacker control. The hacker just has to wait until the Android Debug Bridge is enabled one time, and from there it is game on.

It is even worse if the hacker has physical access to the Android device. In that case, the device could be rebooted into the custom boot mode through a manual option, which might end up being even worse for the Android user.

The good news, though, is that the Nexus 6P actually has more firmware protection. This makes the device harder to take over, although Android Debug Bridge sessions can still be turned on. The worst part about the Nexus 6P is that the Android Debug Bridge can be turned on even if it is disabled on the device, which is a pretty substantial vulnerability in itself.

Both devices also have a USB interface, which means a hacker could use this USB interface to do various nefarious activities. Someone could bypass the two-factor authentication, send SMS messages, access other types of interfaces, change radio settings, access features, and even escalate the privileges.

Either way, the good news is that Google finally patched this vulnerability, and hopefully it is patched for good. Google fixed it by preventing a locked bootloader from booting into those custom and very dangerous boot modes. This means the device can no longer be booted into that boot mode, so these hacks and attacks should not be able to happen any longer.