Google and Apple patch Wi-Fi vulnerability that could have affected 1 billion phones

by Alan Friedman / Jul 28, 2017, 11:25 PM

Google and Apple patch Wi-Fi vulnerability that could have affected 1 billion phones

At the recent Black Hat security conference in Las Vegas, Exodus Intelligence's Nitay Artenstein wanted to prove that some Wi-Fi chips produced by Broadcom could negatively affect 1 billion handsets, both iOS and Android flavored. The attack code sent out by Artenstein asks to make a connection with computing devices that are nearby. When these requests are received by devices running the BCM43xx model of Wi-Fi chips found inside certain smartphones, the firmware controlling the chip is revised by the attack.

The affected chip sends out malicious packets to other devices creating a domino effect. All together, roughly one billion handsets were vulnerable to this attack until Google sent out an update that included a patch earlier this month. Apple sent out its patch last week.

"This research is an attempt to demonstrate what such an attack, and such a bug, will look like. Broadpwn is a fully remote attack against Broadcom’s BCM43xx family of Wi-Fi chipsets, which allows for code execution on the main application processor in both Android and iOS. It is based on an unusually powerful 0-day that allowed us to leverage it into a reliable, fully remote exploit."-Nitay Artenstein, Exodus Intelligence

Artenstein, who named the worm "Broadpwn," says that the attack worked on the Apple iPhone 5 and later, and the Nexus 5, Nexus 5X, Nexus 6, and Nexus 6P. Also affected were the Samsung Galaxy S3 through the current Galaxy S8.

With the flaw now closed by Apple and Google, this is one vulnerability that you need not worry about anymore. However, for every flaw that is plugged, another one seems to pop up. That means companies like Google and Apple can never let their guard down.

source: ArsTechnica

Options

14 Comments

1. maple_mak

Posts: 953; Member since: Dec 18, 2013

I remembered someone just said iOS is more secured.

posted on Jul 29, 2017, 2:49 AM 6

2. blingblingthing

Posts: 978; Member since: Oct 23, 2012

Little do they know. The correct term is more "closed" which causes the illusion it's more secure.

posted on Jul 29, 2017, 3:19 AM 3

7. mikehunta727 unregistered

Statistically, iOS has actually been the more secure OS, targeted less by malware, more people overall and up to date, MUCH less malware has hit App Store vs Play Store, more vulnerabilities found and exposed and used on Android side daily, etc. People on near latest iOS version or latest version are much more protected and secure than 99% of the Android userbase You literally have tens of millions of people around the word being recked by ransomware/malware/trojans on their Android device that is sapping information from these poor people/stealing money/etc via built in Chinese backdoors/unpatched Android devices/etc Android security system in the whole Android ecosystem from low end to high end is in much more dire "trouble" than Apple is and will ever be until the day we see same day patches for everyone on Android

posted on Jul 29, 2017, 7:48 AM 1

11. joey_sfb

Posts: 6794; Member since: Mar 29, 2012

I think it's time for Google to design and built-in a firewall into Android. A firewall under their control could filter out such attack.

posted on Jul 29, 2017, 11:33 PM 1

6. mikehunta727 unregistered

Considering not even 0.50% of total Android users have this July update, while the whole update has already been pushed to the whole active iOS user base,(over billion active devices) means that much much much more people are patched and protected. This was a Broadcom firmware vulnerability that was patched. The rest of Android ecosystem will not be on at least July patch for 1 year minimum so..

posted on Jul 29, 2017, 7:45 AM 1

9. sissy246

Posts: 7124; Member since: Mar 04, 2015

That's because they believe everything Timmy boy tells them. Nothing is safe

posted on Jul 29, 2017, 7:54 AM 0

10. Chidoro

Posts: 168; Member since: Sep 20, 2016

It is, make no mistake.

posted on Jul 29, 2017, 12:48 PM 0

4. Zylam

Posts: 1817; Member since: Oct 20, 2010

What about all the Android phone that won't get a patch to fix this?

posted on Jul 29, 2017, 5:25 AM 2

5. TeriusRose

Posts: 108; Member since: May 12, 2017

Then I guess they won't be protected. I'm not sure what you're trying to say here unless it's just a swipe at android.

posted on Jul 29, 2017, 7:37 AM 5

8. sissy246

That's what he is trying to do. Just ignore him.

posted on Jul 29, 2017, 7:53 AM 4

12. joey_sfb

Take precautions not to connect to public wifi hotspot. I have 15gb data plan /per month so there is absolutely no need to connect to wifi when I travel.

posted on Jul 29, 2017, 11:44 PM 1

13. Xilam unregistered

I think he's trying to prove that iOS is essentially more secure because when these things are discovered nearly all iOS devices get patched instantly... which is true. Hope my explanation is clear enough.

posted on Jul 30, 2017, 12:22 AM 0

14. joey_sfb

iOS may be better with security update but they have their own set of disadvantage in other areas. For examples my iPad 1 is useless to me now that Apple decided to abandon it. Will it enjoy the security update available to the newer modal plus the apps that I use to run are block due to not having the later iOS release. As for my Motorola Xoom bought during the same time period is far more useful compare to my iPad 1. Every app I have still run and update as usual.