INFRA
INFRA
INFRA
Broadcom Wi-Fi chip vulnerability allows hackers to access Android and iOS devices
A vulnerability in Wi-Fi chipsets manufactured by Broadcom Ltd. and used in Android and iOS devices allows attackers to gain easy access to the devices, according to newly published research.
Details of the vulnerability, first published by Google’s Project Zero security team member Gal Beniamini, specify that a remote-code execution vulnerability lies in Broadcom’s Wi-Fi stack that allows hackers to execute malicious code by simply being within the same Wi-Fi range of the targeted phone or device. Worse still, a successful exploitation requires no user input, meaning that an attack can take place without users even knowing they have been targeted.
The proof-of-concept exploit uses Wi-Fi signals that contain irregular values that in turn cause the firmware behind Broadcom’s chip to overflow its stack. A stack is the data structure that stores information about the active subroutines of a computer program. That means that by pumping unexpected irregular data into the stack, the stack itself overflows. That is, it exceeds the amount of data it can hold (think of an overflowing bath tub), causing it to become dysfunctional.
Once the stack is in this situation, Beniamini was able to target the timers responsible for regularly occurring events such as scans, providing the ability to overwrite specific regions of the device memory with nefarious code.
Beniamini warned that the lack of security protections built into many platforms made the Broadcom chipset a prime target.
“We’ve seen that while the firmware implementation on the Wi-Fi SoC is incredibly complex, it still lags behind in terms of security,” he noted. “Specifically, it lacks all basic exploit mitigations — including stack cookies, safe unlinking and access permission protection (by means of an MPU).”
The good news is that prior to publication, both Google and Apple were informed of the vulnerability. Apple patched it with the release of iOS 10.3.1 on Monday and Google released a patch in its April security release. That said, the risks still remain particularly for Android users because many devices never receive security updates. And even those that do often have to wait for the device maker or telecommunications company to release the update to them.
Photo: Köf3/Wikimedia Commons
A message from John Furrier, co-founder of SiliconANGLE:
Support our open free content by sharing and engaging with our content and community.
Join theCUBE Alumni Trust Network
Where Technology Leaders Connect, Share Intelligence & Create Opportunities
11.4k+
CUBE Alumni Network
C-level and Technical
Domain Experts
15M+
theCUBE
Viewers
Connect with 11,413+ industry leaders from our network of tech and business leaders forming a unique trusted network effect.
SiliconANGLE Media is a recognized leader in digital media innovation serving innovative audiences and brands, bringing together cutting-edge technology, influential content, strategic insights and real-time audience engagement. As the parent company of SiliconANGLE, theCUBE Network, theCUBE Research, CUBE365, theCUBE AI and theCUBE SuperStudios — such as those established in Silicon Valley and the New York Stock Exchange (NYSE) — SiliconANGLE Media operates at the intersection of media, technology, and AI. .
Founded by tech visionaries John Furrier and Dave Vellante, SiliconANGLE Media has built a powerful ecosystem of industry-leading digital media brands, with a reach of 15+ million elite tech professionals. The company’s new, proprietary theCUBE AI Video cloud is breaking ground in audience interaction, leveraging theCUBEai.com neural network to help technology companies make data-driven decisions and stay at the forefront of industry conversations.
