Google fixed a vulnerability in the Nexus 5X Android images.
The vulnerability could allow an attacker to dump the phone’s memory and extract sensitive information via a USB port.
IBM’s X-Force team discovered the vulnerability. The affected Android images were deployed only on LG Nexus 5X devices. The vulnerable versions are 6.0 MDA39E through 6.0.1 MMB29V (or bootloaders bhz10i to bhz10k).
Google fixed the problem with Nexus 5X Android image MHC19J (or bootloader bhz10m).
The vulnerability is easy to exploit, but the attack surface may be small, said researchers at IBM in a blog post.
The company said it can only be used against Nexus 5X devices that have the Android Debug Bridge (ADB) feature turned on.
The attacker would not need physical access, because they can infect a Nexus 5X owner’s PC or smart charger with malware. When the user connects the phone to their PC or charger (using the USB cable), the malware could exploit the flaw and dump the handset’s memory.
This happens because the malware can send commands to the ADB terminal, crashing it during a forced reboot. The malware then uses other tools to extract the phone’s memory, from where researchers said they were able to recover the password they set up for a device used during tests.
The vulnerability can also be exploited with physical access to the device by sending all the commands by hand, instead of using automated scripts.
The attack surface is small thanks to the low number of potentially affected devices, and Nexus devices receive security updates on a regular basis from Google itself.
IBM said the issue was fixed almost six months ago.
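
The two preconditions named above (a bootloader in the bhz10i to bhz10k range and ADB turned on) can be checked across a fleet from saved `adb shell getprop` output. The following is an added example, not code from IBM or Google. It assumes that the trailing letter of the bootloader version orders releases, that bhz10m and later are patched, and that the `ro.product.model`, `ro.bootloader` and `sys.usb.config` properties are present; the sample outputs are constructed.

```python
import re

# Bootloader versions are from the article.
# Assumption: the trailing letter orders releases, and bhz10m or later is patched.
VULN_LO, VULN_HI = "bhz10i", "bhz10k"   # vulnerable range, inclusive
FIXED = "bhz10m"                        # bootloader shipped with the fix
PROP_RE = re.compile(r"^\[([^\]]+)\]: \[(.*)\]$")

def parse_getprop(text):
    """Parse `adb shell getprop` output ("[key]: [value]" lines) into a dict."""
    props = {}
    for line in text.splitlines():
        m = PROP_RE.match(line.strip())
        if m:
            props[m.group(1)] = m.group(2)
    return props

def assess(text):
    """Classify one device's exposure from its getprop output."""
    props = parse_getprop(text)
    if props.get("ro.product.model") != "Nexus 5X":
        return "not-affected-model"
    bl = props.get("ro.bootloader", "").lower()
    if not re.fullmatch(r"bhz10[a-z]", bl):
        return "unknown-bootloader"
    if bl >= FIXED:
        return "patched"
    if VULN_LO <= bl <= VULN_HI:
        # ADB over USB is on when "adb" is one of the active USB functions.
        adb_on = "adb" in props.get("sys.usb.config", "").split(",")
        return "vulnerable-adb-on" if adb_on else "vulnerable-adb-off"
    return "unknown-bootloader"   # versions the article does not mention

# Constructed sample outputs, not captured from real devices.
SAMPLE_EXPOSED = """\
[ro.product.model]: [Nexus 5X]
[ro.bootloader]: [BHZ10i]
[sys.usb.config]: [mtp,adb]
"""
SAMPLE_PATCHED = SAMPLE_EXPOSED.replace("BHZ10i", "BHZ10m")

if __name__ == "__main__":
    for name, sample in (("exposed", SAMPLE_EXPOSED), ("patched", SAMPLE_PATCHED)):
        print(name, "->", assess(sample))
```

Devices reported as `vulnerable-adb-off` still need the update, since ADB can be turned on later.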