CATEGORIES
home News

Google And Apple Patch Serious Android And iOS Broadcom Wi-Fi Bug That Allowed Remote Execution Hack

by Paul LillyThursday, April 06, 2017, 09:21 AM EDT
Google Nexus 6P

Practically everyone who owns a smartphone should be on the lookout for a patch. Both Google and Apple this week released software updates for Android and iOS, respectively, to address a vulnerability discovered in Wi-Fi chipsets developed by Broadcom. If left unpatched, an attacker within range of the same Wi-Fi network could execute malicious code on a person's mobile device.

A researcher on Google's Project Zero team discovered the vulnerability and wrote about it in great detail (hit the source link for deep dive into the technical underpinnings of this exploit). Prior to Google releasing a patch for Android, the researcher demonstrated the hack on a fully patched Nexus 6P running Android 7.1.1 version NUF26K. Through the exploit, he was able to show a "full device takeover by Wi-Fi proximity along, requiring no user interaction."

"Two of the vulnerabilities can be triggered when connecting to networks supporting wireless roaming features; 802.11r Fast BSS Transition (FT), or Cisco’s CCKM roaming. On the one side, these vulnerabilities should be relatively straightforward to exploit - they are simple stack overflows. Moreover, the operating system running on the firmware (HNDRTE) does not use stack cookies, so there’s no additional information leak or bypass required," said Project Zero researcher Gal Beniamini.

Put another way, Beniamini reverse engineered Broadcom's firmware and found it was not as secure as it should be. More specifically, he said it lacks basic exploit mitigations, including stack cookies, safe unlinking, and access permission protection.

Broadcom's Wi-Fi chipsets are in wide use today. Android devices that uses the company's chips include the Nexus 5, 6, and 6P, and many of Samsung's flagship phones. And on iOS, all iPhones since the iPhone 4 and up are affected. Same goes for newer generation iPod touch and iPad devices.

In total Beniamini found 10 flaws in Broadcom's Wi-Fi chips. The good news here is that Broadcom has been high receptive to Beniamini's research and has taken steps to make newer versions of this chips more secure.
Tags:  Apple, Google, broadcom, (NASDAQ:AAPL), (NASDAQ:AVGO), Project Zero, (nasdaq:goog), wi-fi
TOP CONVERSATIONS
Your Next PC Platform?
More Results
KEEP INFORMED
SITE

Home

Reviews

News

Blogs

Full Site

Sitemap

CATEGORIES

PC Components

Systems

Mobile

IT Infrastructure

Leisure

Videos

COMPANY

About

Advertise

News Tips

Contact

Privacy And Terms

HotTech

MORE

Accessibility

Shop

STAY CONNECTED

Twitter

Facebook

YouTube

RSS

As an Amazon and Howl Technologies Associate, HotHardware earns a commission from qualifying purchases made on this site. This site is intended for informational and entertainment purposes only. The contents are the views and opinion of the author and/or his associates. All products and trademarks are the property of their respective owners. Reproduction in whole or in part, in any form or medium, without express written permission of Hot Hardware, Inc. is prohibited. All content and graphical elements are Copyright © 1999 - 2024 David Altavilla and Hot Hardware, Inc.
All rights reserved. Privacy and Terms - Accessibility Commitment