Wednesday , October 18 2017

Nexus 6P With All Security Patches Gets Pwned

pwn2own_logo-930x488

One of the advantages of buying Nexus devices (and now Pixels) is that they receive up-to-date security patches for at least three years from the date of release. This makes them secure right? Unfortunately not. In the recent Mobile Pwn2Own competition sponsored by Trend Micro a team of hackers was able to pwn one of these devices.

China’s The Tencent Keen Security Lab Team was able to get a malicious app installed on a Nexus 6P on their first attempt. This malicious app, while it did not fully unlock the phone, gave them full access to user data on the phone. The hack involved sending an MMS to the phone and did not require any interaction with the phone at all. They used the remaining time to add “flair and style” to their hacks to win themselves even more prize money.

In total, the Nexus 6P hack combined with a hack they performed on the iPhone 6S the team netted US$215,000. There was no mention of whether any teams managed to exploit the Galaxy S7, also included in the competition. All successful hacks and vulnerabilities used at Pwn2Own are disclosed to Google for patching. We would expect the exploits to be patched in hopefully the December security update.

With the Nexus 6P meant to be one of the most secure phones (due to it’s monthly security updates) it makes you wonder how older phones from other manufacturers would fare. It makes a good argument for including the “likelihood of receiving security updates” as a key criteria when selecting your next phone.

How much credence do you pay to these sort of competitions? Do you consider security when deciding on a phone purchase?

 
Source: Trend Micro.
Via: The Register.

Scott Plowman   Associate Editor

Scott is our modding guru - he has his finger on the pulse of all things ‘moddable’, pointing us towards all the cutting edge mods hacks that are available. When he’s not gymming it up, or scanning the heck out of Nexus devices, you'll find him on the Ausdroid Podcast.

Outside of Ausdroid, Scott's a health care professional and lecturer at a well known Victorian university.

Join the Ausdroid Conversation

1 Comment on "Nexus 6P With All Security Patches Gets Pwned"

avatar
Sort by:   newest | oldest | most voted
Member

“It makes a good argument for including the “likelihood of receiving security updates” as a key criteria when selecting your next phone.”

Definitely. I’m more interested in receiving timely security updates than future OS updates, to be honest, and it’s one of the areas for greatest improvement by manufacturers producing Android devices.

wpDiscuz

Check Also

Get a free Huawei EnVizion 360 camera with a Mate 10 and Mate 10 Pro purchase

On Monday night Huawei’s blink and you’ll miss it product, the EnVizion 360 Camera was …