• Sign in to Neowin Faster!

    Create an account on Neowin to contribute and support the site.

Sign in to follow this  

Broadpwn Bug Affects Millions of Android and iOS Devices

Recommended Posts

+warwagon    12,963


Broadcom Wi-Fi chips embedded in Android and iOS devices are vulnerable to a bug that allows an attacker to execute code on their devices, without any interaction needed from the user.

The bug was discovered by security researcher Nitay Artenstein, is nicknamed Broadpwn, and tracked as CVE-2017-9417.


Artenstein reported the bug in private to Google, who included a fix for this issue in the Android Security Bulletin for July 2017, released this week, on July 5.

No public information available yet


Artenstein has not disclosed any information about the bug or exploit to the public, and he's set to give a presentation about Broadpwn at this year's Black Hat USA security conference that will be held in Las Vegas at the start of August.


In the few details he revealed about the bug, Artenstein says Broadpwn "affects millions of Android and iOS devices" that use Broadcom Wi-Fi chips to handle network communications.


The researcher specifically points the finger at the Broadcom BCM43xx family of Wi-Fi chips included in "an extraordinarily wide range of mobile devices" from vendors such as Google (Nexus), Samsung, HTC, and LG.

Researcher reverse engineers Android security patch


Zhuowei Zhang, another Android security expert, has reversed engineered the Android July 2017 

security patch just to dig out more details about Broadpwn.


Zhang says the bug appears to be a heap overflow in the firmware of Broadcom Wi-Fi chips. The researcher says exploitation takes place when the user's device "receives a WME (Quality-of-Service) information element with a malformed length from a connected network."


The attacker doesn't need any user interaction to exploit the feature. A victim only needs to walk into the attacker's Wi-Fi network range. Artenstein has later confirmed on Twitter that connecting to a malicious network is not necessary.




My Parents LG G3 Security Patch Level is still April 2017. .. Linage OS is July 5th, 2017.



Share this post

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

  • Recently Browsing   0 members

    No registered users viewing this page.