We use cookies on our websites. Information about cookies and how you can object to the use of cookies at any time or end their use can be found in our privacy policy.
Nexus 9: critical vulnerability discovered and resolved
Google Nexus 9 Community Google 2 min read No comments

Nexus 9: critical vulnerability discovered and resolved

As part of the March 2017 Android security update, Google released a specific patch to CVE-2017-0510 to resolve a critical vulnerability that was discovered in the Nexus 9 tablet. The most interesting aspect of this vulnerability was the source, which even those working in the security field thought was very unusual: headphones.

Researchers at Aleph Research, a team of ex-IBM researchers, discovered that both the Fast Interrupt Request (FIQ) Debugger and HBOOT could be accessed on the Nexus 9 via the headphone jack. This is the result of multiplexed wired functionality, which is present in several smartphones but had largely been confined to USB ports. 

Nexus 9 2014 ANDROIDPIT black and white
Reported vulnerabilities in the Nexus 9 have been resolved. © AndroidPIT

They have described the security flaw as being an escalation of privilege vulnerability in the kernel FIQ debugger, which could allow a malicious application to execute arbitrary code within the context of the kernel. The team also found that the attack vector could be used to leak sensitive information and could significantly weaken ASLR. Overall, the issue could lead to a local permanent device compromise, so users would be forced at some point or another to re-flash the operating system to repair the device. 

Happily, Google has resolved the issue with the latest Android security update. The capabilities of the FIQ Debugger have now been reduced, so it's no longer possible for any malicious programs to exploit this vulnerability. 

Have you received the latest Android security update for your Nexus 9? Are you concerned there may be further vulnerabilities? Let us know in the comments below.

Source: Aleph Research

No comments

Write new comment:
All changes will be saved. No drafts are saved when editing