Google has just fixed a significant bug affecting the Nexus 5X devices. The bug allowed would-be attackers to extract key information from a device, whether or not it was locked. The flaw was first reported by the IBM X-Force security team, who said that this key vulnerability would allow attackers to get their hands on full memory dump through the Android Debut Bridge (ADB). ADB is a command-line PC tool that can be used for developers with USB-Connected Android devices.According to IBM, the bug affects all older versions of the Nexus 5X android images and is really straightforward to exploit. Under one of the possible scenario, an attacker who didn’t have access to the targeted phone would need to infect a developer’s PC (ADB-authorized) with malware. Another possible situation involves plugging a headset into a malicious charger. This approach was found to be successful in devices that had ADB enabled. The target would also be required to authorize the malicious charger once it had been connected.According to IBM, a fastboot mode left a USB interface exposed, thus creating a window of opportunity for attackers to issues commands that would crash the device bootloader. In some vulnerable bootloader versions, this crash exposes a connection that enables the hacker to obtain a full memory dump of the targeted device. IBM has also found out that due to the bootloader bug, potential hackers would be able to obtain a phone’s password from memory dump. This is disastrous in that it would create a pathway for further attackers.But not to worry, users of the Nexus 5X are now able to download the update and seal this security loophole. As usual, they should get a system for the OTA (over the air) update immediately it’s available.
Image Source: Android Police

View Comments

What's my model number?

There are several ways to locate your model number:

Option 1
On your device, go to Settings, then "About device" and scroll down to "Model number"
Option 2
Often times you can view the model number inside the device, by removing the battery
Option 3
Using Samsung's model/serial number location tool

Looks like you're using an ad blocker.

We get it: ads aren't what you're here for...

But ad revenue is our only way to manage this site. Without ad revenue we won't be able to continue to provide quality content and free firmware downloads.

Please disable your ad blocker or whitelist in order to continue into Updato's ad-light experience.

Thanks for your support!