Vulnerability in Broadcom Wifi Chips Could’ve Affected SmartPhones
It has been discovered that a security vulnerability found in Wifi Chips embedded into our smartphones – which enable them to access the internet and connect to other devices wirelessly – carried a bug until recently which could potentially allow hackers to hack into anyone of the billion iPhone or Android devices that exist out there. Since this discovery, Broadcom, the manufacturer of these Wifi Chips which powers every iPhone and Android device, has come under scrutiny.
Thankfully, the bug which is now being called Broadpwn, has been fixed by Google and Apple respectively. And it’s being suggested that users who could be affected should update their phones’ Operating Systems immediately. For Android users, this means the latest July security update and for iPhone users, it’s the iOS 10.3.3, also released in July.
Security experts believe, the exposure of this latest security vulnerability, indicates a shift in hacking trends. They are suggesting that since mainstream systems like application processors running iOS or Android have become so hardened by undergoing intense security research that the hackers are looking into new avenues – like wifi chips – in search of new security vulnerabilities to exploit.
The Broadpwn vulnerability was revealed in detail for the first time by Artenstein, a security expert, at the recently concluded Black Hat Conference in Las Vegas, where he demonstrated what a hacker could possibly do with the Broadpwn bug, by infecting a Samsung Galaxy with the worm, which then proceeded to infect another Galaxy phone without requiring any sort of human intervention.
So all hackers have to do to exploit this Broadpwn vulnerability is come “within the Wi-Fi range of the target” and execute the malicious code. The infected phone will turn into a rogue access point which would, in turn, infect nearby phones, quickly spreading from one device to another. The nature of the attack which does not require any human intervention has indeed raised alarm bells among security experts.
Artenstein, the security expert who uncovered Broadpwn vulnerability, started the process of reverse-engineering Broadcom’s chips about a year ago and received unexpected assistance when he stumbled upon the leak of the company’s source code on Github. And as he sifted through the code, he came across a security flaw in that part of the Broadcom code which handles automatic communications between the phone and an access point. This security flaw was later dubbed as Broadpwn.
He also observes that the phone’s kernel – the core of its operating system – was better protected than its Wifi controllers and other such components sourced from other third-party companies whose code Apple or Google don’t entirely control.
There’s no doubt the security threat landscape is evolving every day. And targeting third-party components of smartphones could be the ‘next best thing’ for hackers. Thankfully Broadpwn vulnerability stayed invisible to the eyes of the hacker community. If it hadn’t been so, nearly a billion devices could’ve been affected – one among the many reasons to keep your smartphone updated all the time.
Kevin Jones951 Posts
Kevin Jones, Ph.D., is a research associate and a Cyber Security Author with experience in Penetration Testing, Vulnerability Assessments, Monitoring solutions, Surveillance and Offensive technologies etc. Currently, he is a freelance writer on latest security news and other happenings. He has authored numerous articles and exploits which can be found on popular sites like hackercombat.com and others.