Categories: Security

Wi-Fi Bug Leaves Android & iPhone Seriously Vulnerable To Hackers

Computer security experts are warning users of Apple and Android mobile devices to apply patches to fix vulnerabilities affecting widely used Wi-Fi hardware.

The bugs, reported by Google’s Project Zero, affect Wi-Fi chips made by Broadcom, the most common Wi-Fi chipsets on mobile devices.

iPhone, Android affected

The affected chipsets are used by all iPhones since the iPhone 4 , most Samsung flagship Android devices and Google’s Nexus 5, 6 and 6P, amongst other handsets, Google said.

Google has released a proof-of-concept exploit demonstrating that the bugs could be used to take over the Wi-Fi functions of the affected devices, and said it plans to demonstrate how that attack can then be used to take complete control of affected devices in a further advisory.

The attacks can be launched by anyone using the same Wi-Fi network as a vulnerable device, according to Google.

Apple said it fixed the issues in its iOS 10.3.1 update, released only days after the major iOS 10.3 release.

The company acknowledged the flaws could allow an attacker within range to “execute arbitrary code on the Wi-Fi chip”.

Google has also released patches for Android addressing the issues, but availability for specific devices varies by manufacturer or wireless carrier.

Security ‘lag’

That means Apple’s iPhones and Google’s Nexus and Pixel devices running up-to-date software are protected from the flaws, but other devices may still be vulnerable.

Google security researcher Gal Beniamini said the flaws result from the fact that Broadcom’s chips neglect to use modern security techniques such as code heap cookies, data execution prevention (DEP) and address space layout randomisation (ASLR). As a result, exploits including stack buffer overflows and heap overflows are made possible.

“While the firmware implementation on the Wi-Fi SoC is incredibly complex, it still lags behind in terms of security,” he wrote.

He published exploit code demonstrating how an attacker could take over a Broadcom Wi-Fi chip.

The exploit could allow an attacker to steal information passing over the Wi-Fi connection, but could also be used to launch an attack on the main device, Beniamini said, promising to outline such an attack in a further blog post.

“We’ll see how we can use our assumed control of the Wi-Fi SoC in order to further escalate our privileges into the application processor, taking over the host’s operating system,” he wrote.

Security firm Sophos said the issues could easily extend to other Broadcom chipsets, making the scale of the security weaknesses involved difficult to estimate.

“The problem is that this particular bug and the current patches for it are more of an example and a symptom than a general fix,” wrote Sophos researcher Paul Ducklin in an advisory.

He said users should check with their smartphone wireless carrier or manufacturer for updates, and avoid using Wi-Fi in public places.

Do you know all about security in 2017? Try our quiz!

Matthew Broersma

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications

Recent Posts

Australian Senate Grills Lobbyist Over Social Media Failures

Industry group representative faces hostility from Australian Senate ahead of vote on law to ban…

1 hour ago

US To Reduce Intel’s $8.5bn Award Amidst Business Troubles

Biden administration to reduce Intel's $8.5bn preliminary award under Chips Act as company lays off…

2 hours ago

Closing Arguments Delivered In Google Ad Tech Monopoly Case

Google, Justice Department make closing arguments in case targeting company's ad tech business, on heels…

2 hours ago

Huawei Releases Mate 70 Range To Challenge Apple

Huawei launches Mate 70 smartphones with AI-powered air gestures for cross-device file transfers to nearby…

3 hours ago

Apple’s Cook Visits China Amidst iPhone Sales Slowdown

Apple chief Tim Cook makes third public appearance in China this year amidst stiff domestic…

3 hours ago

Nvidia Chief Promises China Engagement Ahead Of New Sanctions

Nvidia chief Jensen Huang says the AI chip company plans to maintain presence in China…

4 hours ago