Sign in / up

back to article Google swats Nexus 5X vulnerable fastboot memory dump flaw

Google has patched a bypass hole in Nexus 5X devices that allowed attackers to dump memory from locked phones. IBM X-Force research lead Roee Hay says exploiting the flaw was simple and required a device be put into fastboot mode. "The vulnerability would have permitted an attacker to obtain a full memory dump of the Nexus 5X …

COMMENTS

Post your comment
House rules Send corrections
Add to 'My topics' unstar *
  1. Blacklight

    A link to other materials here would be useful :)

    The 5X has an encrypted file system, however other sources on this vuln show the password is left sitting "unguarded" in the extracted image, so someone with the image could unlock the device, or clone it.

    Hopefully Google have either salted this passphrase now, rather than just stopping the panic enabling extraction.....

    0 0 Reply
    1. Anonymous Coward
      Reply Icon
      Anonymous Coward

      5X has an encrypted file system

      It has two actually. Full device encryption in Marshmallow, and file level encryption in Android N

      0 0 Reply
  2. JeffyPoooh
    Pint

    "...requires some chops to execute..."

    "Pub thieves probably won't benefit from the attack, which requires some chops to execute..."

    Dangerous assumption.

    If it's a viable attack vector, then somebody would write a script.

    Then the pub thief connects a cable and clicks.

    So-called complexity isn't a defense given scripting.

    2 0 Reply
  3. Richy Freeway

    More infos

    https://exchange.xforce.ibmcloud.com/collection/Google-Nexus-5X-Bootloader-Unauthorized-Memory-Dumping-via-USB-334310227a1065ee7585b37e4d3be0a3

    1 0 Reply

POST COMMENT House rules

Not a member of The Register? Create a new account here.

Forgotten password ?

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like