Society relies so heavily on technology that the number of internet connected devices used globally is predicted to grow to 55.9 billion by 2025. Many of these devices span parts of Industrial Control Systems (ICS) that impact the physical world, assist us in our daily lives at home and monitor and automate everything from energy…

Android Vulnerabilities: Attacking Nexus 6 and 6P Custom Boot Modes

In recent months, the X-Force Application Security Research Team has discovered several previously undisclosed Android vulnerabilities. The November 2016 and January 2017 Android Security Bulletins included patches to one high-severity vulnerability, CVE-2016-8467, in Nexus 6 and 6P. Our new paper, “Attacking Nexus 6 & 6P Custom Bootmodes,” discusses this vulnerability as well as CVE-2016-6678.

GM Bot: Alive and Upgraded, Now on Android M

IBM X-Force Research detected a recently updated version of the GM Bot mobile banking malware designed to deploy on Android 6 operating systems and bypass new security applied to the platform. Android officially released this Marshmallow OS, code-named M, in October 2015. The GM Bot version we analyzed can work on all Android versions up…