Google patches critical bug on Android Nexus 5X devices

From InfoWorld: Google's Android security team patched a critical vulnerability in the company's Nexus 5X devices that would have let attackers bypass the lockscreen. An attacker who successfully triggered the vulnerability would be able to obtain data stored on the device via a forced memory dump, according to researchers from IBM's X-Force team.

An attacker with physical access to the device can easily steal data or perform other malicious activities. The most common recommendation to protect the device in case it falls into malicious hands is to lock the device with a strong passphrase, which requires the attacker to brute-force the lock before being able to do anything.

However, IBM X-Force researchers discovered an "undocumented" vulnerability in LG's Nexus 5X devices which would let attackers obtain the password to unlock the screen, which would have rendered the lockscreen advice worthless.

"The vulnerability would have permitted an attacker to obtain a full memory dump of the Nexus 5X device, allowing sensitive information to be exfiltrated from the device without it being unlocked," wrote Roee Hay, application security research team leader at X-Force, in a post on the Security Intelligence blog disclosing the patched vulnerability. "Clearly such an ability would have been very appealing to thieves."
