Google Nexus 9 Unauthorized Access to FIQ Debugger

Aleph Research Advisory

Identifier

Severity

Critical

Product

Google Nexus 9

Vulnerable Version

Android 7.1.1 N4F26Q and below

Mitigation

Upgrade to build N4F26T (March 2017 Security patches).

Technical Details

The Nexus 9 allows unauthorized access to the FIQ debugger via its headphone jack. An adversary with malicious headphones can use this to steal sensitive information from any process. Moreover, it allows the adversary to reboot the device into HBOOT, which may aid in further exploitation such as accessing internal SoCs via I²C. In addition, the attacker can conduct a Factory Reset.

Timeline

Posts

Credit

External References