The Google Nexus 6 has been a major highlight recently as the phone finally received the long-awaited update to Android 7.1.1 Nougat – an update those using the Nexus 6P started receiving in early December 2016.
But before this update, both devices had been installed with Android 7.0 Nougat OTA, which came in towards the end of August 2016. While many have been enjoying this update, it appears that there were some threats that were unknown to the public.
According to the latest reports, the Google Nexus 6P and Nexus 6 have been updated with a small security patch from the server side. The update came in to take care of an exploit that was discovered by security researchers where the two phones’ modems would have easily been taken over by hackers. Apparently, the Nexus 6P started receiving this patch just this month while the Motorola Nexus 6 received the same treat in November 2016.
The Google Nexus 6P and Nexus 6 vulnerabilities were found by a team of IBM X-Force researchers. The issue was found to be affecting the phones’ bootmode. Here, any attacker with USB access to either phone can take over the modem when the phone is starting up, but the phone must also have enabled the Android Debug Bridge (ADB) in order for this to work. ADB is a mode that app developers deliberately enable so that their apps can also be installed on phones as APKs. But according to the security researchers, there were workarounds that could be used to activate ADB even when disabled on the phones.
Any success in taking control of the modem inside the Google Nexus 6P or Nexus 6 would have meant that the attackers could make a phone call, take information from your phone or even locate your current position using GPS coordinates. The good side of the story is that the two have been patched by Google, which means that the two phones are completely safe.