An exploit that was found by security researchers in Google’s Nexus 6 and Nexus 6P smartphones that would have allowed hackers to take over the phones’ modem has been quietly patched. The patches were released before the exploits themselves were announced to the public, with the Nexus 6 getting updated in November and the Nexus 6P getting the same patch earlier this month.
The exploits were first discovered by a team at IBM’s X-Force. They found a flaw in the bootmode of the Nexus phones that could allow attackers with USB access to those devices to take over the modem during the bootup process. It did require that the phones have the Android Debug Bridge (ADB) enabled, which is a mode usually activated by app developers so they could load APKs on Android phones. However, the team at X-Force says there were workarounds available that could have activated ADB even if it was set as disabled in the phone’s settings.
If the attackers were successful, they could place phone calls or steal call information from the phones, along with a way to find the phone’s exact GPS coordinates. Thankfully, this problem appears to have been fixed before this vulnerability could be used by any hackers.