Google Nexus 9 Unauthorized Access to FIQ Debugger

Aleph Research Advisory

Identifier

CVE-2017-0510

Severity

Critical

Product

Google Nexus 9

Vulnerable Version

Android 7.1.1 N4F26Q and below

Mitigation

Upgrade to build N4F26T (March 2017 Security patches).

Technical Details

Nexus 9 allows unauthorized access to the FIQ debugger via its headphones jack. This allows for sensitive information theft, via malicious headphones, out of any process. Moreover it allows the adversary to reboot the device into HBOOT, which may aid in further exploitation such as accessing internal SoCs via I\(^2\)C. In addition, the attacker can conduct a Factory Reset.

Timeline

06-Mar-17
: Public disclosure.
01-Mar-17
: Added as ALEPH-2017000.

Posts

Nexus 9 vs. Malicious Headphones, Take Two
By Roee Hay,
13-Jun 2017
Attacking Nexus 9 with Malicious Headphones
By Roee Hay,
08-Mar 2017

Credit

Roee Hay (@roeehay) of Aleph Research, HCL Technologies
Sagi Kedmi (@sagikedmi)

External References

Nexus 9 Android Official Images
Android Security Bulletin—March 2017