An exploit closed again, as Google has shut down a “high-severity” one in its Nexus 6 and 6P phones. The vulnerability allowed attackers to listen to phonecalls, or gain access to mobile data packets.
The waveform from a successfully intercepted phone call.
Worsening the case, it was just one part of a cluster of security holes. The weakness could be utilized via malware-infected PCs and malicious power chargers. The official patches were rolled out in November for the Nexus 6, and January for the 6P. The attackers could also find the phone’s GPS coordinates, start phone calls, steal call information.
LTE data sniffed by the IBM team from a compromised device.
Fortunately the flaw was complex to activate. The older Nexus 6 was more vulnerable to this attack than the 6P. But don’t worry everybody, Google flagged this as “moderate severity,” and patched it in October.