Only brought to light last week by IBM’s X-Force Exchange, the vulnerability in the two phone models opens access to hidden B interfaces. According to the report, “By rebooting the device with custom bootmodes, an attacker could exploit this vulnerability to override a secure B configuration gain elevated privileges on the system, cause a local permanent denial of service exfiltrate sensitive information.” The researchers warned that the exploit could result in “data theft, data destruction, () data corruption.” As Ars Technica UK explains, older Nexus 6 phones were more vulnerable than the 6 “but (the newer phone’s firmware) could still be used to break into the modem’s AT interface. That interface would let attacks send or eavesdrop on SMS messages potentially bypass two-factor authentication.” The patch is among numerous high- critical-severity vulnerabilities that the nuary update plugs. The impact on you at home: If you own a Nexus 6 6that has been updated to Nougat, it should automatically install the security patch as soon as it’s available. But whenever major flaws like this pop up, it’s a good idea to exercise some due diligence on whatever phone you’re running, check to see if it’s up to date. And if your phone is still running Marshmallow, check the settings to see if you can enable automatic security updates.
