IBM security team that discovered the vulnerability disclosed details about the flaw on Thursday. The vulnerability (CVE-2016-8467) allows an attacker to use PC malware or malicious chargers to reboot a Nexus 6 or 6P device and implement a special boot configuration, or boot mode, which instructs Android to turn on extra USB interfaces. Those interfaces can be used by the attacker to gain access to the phone s modem diagnostics interface where the adversary can manipulate functionality of the modem. Researchers also warned of additional USB interfaces that attackers can access, such as the modem AT interface, also vulnerable in Nexus 6.
Source: https://threatpost.com/google-patches-android-custom-boot-mode-vulnerability/122918/