Categories: Security

Wi-Fi Bug Leaves Android & iPhone Seriously Vulnerable To Hackers

Computer security experts are warning users of Apple and Android mobile devices to apply patches to fix vulnerabilities affecting widely used Wi-Fi hardware.

The bugs, reported by Google’s Project Zero, affect Wi-Fi chips made by Broadcom, the most common Wi-Fi chipsets on mobile devices.

iPhone, Android affected

The affected chipsets are used by all iPhones since the iPhone 4 , most Samsung flagship Android devices and Google’s Nexus 5, 6 and 6P, amongst other handsets, Google said.

Google has released a proof-of-concept exploit demonstrating that the bugs could be used to take over the Wi-Fi functions of the affected devices, and said it plans to demonstrate how that attack can then be used to take complete control of affected devices in a further advisory.

The attacks can be launched by anyone using the same Wi-Fi network as a vulnerable device, according to Google.

Apple said it fixed the issues in its iOS 10.3.1 update, released only days after the major iOS 10.3 release.

The company acknowledged the flaws could allow an attacker within range to “execute arbitrary code on the Wi-Fi chip”.

Google has also released patches for Android addressing the issues, but availability for specific devices varies by manufacturer or wireless carrier.

Security ‘lag’

That means Apple’s iPhones and Google’s Nexus and Pixel devices running up-to-date software are protected from the flaws, but other devices may still be vulnerable.

Google security researcher Gal Beniamini said the flaws result from the fact that Broadcom’s chips neglect to use modern security techniques such as code heap cookies, data execution prevention (DEP) and address space layout randomisation (ASLR). As a result, exploits including stack buffer overflows and heap overflows are made possible.

“While the firmware implementation on the Wi-Fi SoC is incredibly complex, it still lags behind in terms of security,” he wrote.

He published exploit code demonstrating how an attacker could take over a Broadcom Wi-Fi chip.

The exploit could allow an attacker to steal information passing over the Wi-Fi connection, but could also be used to launch an attack on the main device, Beniamini said, promising to outline such an attack in a further blog post.

“We’ll see how we can use our assumed control of the Wi-Fi SoC in order to further escalate our privileges into the application processor, taking over the host’s operating system,” he wrote.

Security firm Sophos said the issues could easily extend to other Broadcom chipsets, making the scale of the security weaknesses involved difficult to estimate.

“The problem is that this particular bug and the current patches for it are more of an example and a symptom than a general fix,” wrote Sophos researcher Paul Ducklin in an advisory.

He said users should check with their smartphone wireless carrier or manufacturer for updates, and avoid using Wi-Fi in public places.

Do you know all about security in 2017? Try our quiz!

Matthew Broersma

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications

Recent Posts

Is the Digital Transformation of Businesses Complete?

Digital transformation is an ongoing journey, requiring continuous adaptation, strong leadership, and skilled talent to…

16 hours ago

Craig Wright Faces Contempt Claim Over Bitcoin Lawsuit

Australian computer scientist faces contempt-of-court claim after suing Jack Dorsey's Block and Bitcoin Core developers…

17 hours ago

OpenAI Adds ChatGPT Search Features

OpenAI's ChatGPT gets search features, putting it in direct competition with Microsoft and Google, amidst…

17 hours ago

Google Maps Steers Into Local Information With AI Chat

New Google Maps allows users to ask for detailed information on local spots, adds AI-summarised…

18 hours ago

Huawei Sees Sales Surge, But Profits Fall

US-sanctioned Huawei sees sales surge in first three quarters of 2024 on domestic smartphone popularity,…

18 hours ago

Apple Posts China Sales Decline, Ramping Pressure On AI Strategy

Apple posts slight decline in China sales for fourth quarter, as Tim Cook negotiates to…

19 hours ago