Google and Apple patch Wi-Fi vulnerability that could have affected 1 billion phones
At the recent Black Hat security conference in Las Vegas, Exodus Intelligence's Nitay Artenstein wanted to prove that some Wi-Fi chips produced by Broadcom could negatively affect 1 billion handsets, both iOS and Android flavored. The attack code sent out by Artenstein asks to make a connection with computing devices that are nearby. When these requests are received by devices running the BCM43xx model of Wi-Fi chips found inside certain smartphones, the firmware controlling the chip is revised by the attack.
The affected chip sends out malicious packets to other devices creating a domino effect. All together, roughly one billion handsets were vulnerable to this attack until Google sent out an update that included a patch earlier this month. Apple sent out its patch last week.
Artenstein, who named the worm "Broadpwn," says that the attack worked on the Apple iPhone 5 and later, and the Nexus 5, Nexus 5X, Nexus 6, and Nexus 6P. Also affected were the Samsung Galaxy S3 through the current Galaxy S8.
With the flaw now closed by Apple and Google, this is one vulnerability that you need not worry about anymore. However, for every flaw that is plugged, another one seems to pop up. That means companies like Google and Apple can never let their guard down.
source: ArsTechnica
"This research is an attempt to demonstrate what such an attack, and such a bug, will look like. Broadpwn is a fully remote attack against Broadcom’s BCM43xx family of Wi-Fi chipsets, which allows for code execution on the main application processor in both Android and iOS. It is based on an unusually powerful 0-day that allowed us to leverage it into a reliable, fully remote exploit."-Nitay Artenstein, Exodus Intelligence
Artenstein, who named the worm "Broadpwn," says that the attack worked on the Apple iPhone 5 and later, and the Nexus 5, Nexus 5X, Nexus 6, and Nexus 6P. Also affected were the Samsung Galaxy S3 through the current Galaxy S8.
With the flaw now closed by Apple and Google, this is one vulnerability that you need not worry about anymore. However, for every flaw that is plugged, another one seems to pop up. That means companies like Google and Apple can never let their guard down.
source: ArsTechnica
Things that are NOT allowed: