This website uses cookies to ensure you get the best experience on our website. OK
2 min read 13 Shares No comments

Nexus 9: critical vulnerability discovered and resolved

As part of the March 2017 Android security update, Google released a specific patch to CVE-2017-0510 to resolve a critical vulnerability that was discovered in the Nexus 9 tablet. The most interesting aspect of this vulnerability was the source, which even those working in the security field thought was very unusual: headphones. 

I am currently looking for a new professional challenge.
What do you think?
50
50
3508 participants

Researchers at Aleph Research, a team of ex-IBM researchers, discovered that both the Fast Interrupt Request (FIQ) Debugger and HBOOT could be accessed on the Nexus 9 via the headphone jack. This is the result of multiplexed wired functionality, which is present in several smartphones but had largely been confined to USB ports. 

Nexus 9 2014 ANDROIDPIT black and white
Reported vulnerabilities in the Nexus 9 have been resolved. © AndroidPIT

They have described the security flaw as being an escalation of privilege vulnerability in the kernel FIQ debugger, which could allow a malicious application to execute arbitrary code within the context of the kernel. The team also found that the attack vector could be used to leak sensitive information and could significantly weaken ASLR. Overall, the issue could lead to a local permanent device compromise, so users would be forced at some point or another to re-flash the operating system to repair the device. 

Opinion by Angela Palmer
Monthly security updates are essential
What do you think?
50
50
3 participants

Happily, Google has resolved the issue with the latest Android security update. The capabilities of the FIQ Debugger have now been reduced, so it's no longer possible for any malicious programs to exploit this vulnerability. 

Have you received the latest Android security update for your Nexus 9? Are you concerned there may be further vulnerabilities? Let us know in the comments below.

Source: Aleph Research

13 Shares

No comments

Write new comment:

This website uses cookies to ensure you get the best experience on our website. More info

Got it!