Broadpwn Bug Affects Millions of Android and iOS Devices

By +Warwagon
in Back Page News

 Share

Recommended Posts

Grand Master

+Warwagon MVC

Posted
  • MVC
Posted
Quote

 

Broadcom Wi-Fi chips embedded in Android and iOS devices are vulnerable to a bug that allows an attacker to execute code on their devices, without any interaction needed from the user.

The bug was discovered by security researcher Nitay Artenstein, is nicknamed Broadpwn, and tracked as CVE-2017-9417.

 

Artenstein reported the bug in private to Google, who included a fix for this issue in the Android Security Bulletin for July 2017, released this week, on July 5.

No public information available yet

 

Artenstein has not disclosed any information about the bug or exploit to the public, and he's set to give a presentation about Broadpwn at this year's Black Hat USA security conference that will be held in Las Vegas at the start of August.

 

In the few details he revealed about the bug, Artenstein says Broadpwn "affects millions of Android and iOS devices" that use Broadcom Wi-Fi chips to handle network communications.

 

The researcher specifically points the finger at the Broadcom BCM43xx family of Wi-Fi chips included in "an extraordinarily wide range of mobile devices" from vendors such as Google (Nexus), Samsung, HTC, and LG.

Researcher reverse engineers Android security patch

 

Zhuowei Zhang, another Android security expert, has reversed engineered the Android July 2017 

security patch just to dig out more details about Broadpwn.

 

Zhang says the bug appears to be a heap overflow in the firmware of Broadcom Wi-Fi chips. The researcher says exploitation takes place when the user's device "receives a WME (Quality-of-Service) information element with a malformed length from a connected network."

 

The attacker doesn't need any user interaction to exploit the feature. A victim only needs to walk into the attacker's Wi-Fi network range. Artenstein has later confirmed on Twitter that connecting to a malicious network is not necessary.

 
 

https://www.bleepingcomputer.com/news/security/broadpwn-bug-affects-millions-of-android-and-ios-devices/

 

My Parents LG G3 Security Patch Level is still April 2017. .. Linage OS is July 5th, 2017.

 

 

Link to comment
Share on other sites
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.