Categories: Security

Wi-Fi Bug Leaves Android & iPhone Seriously Vulnerable To Hackers

Computer security experts are warning users of Apple and Android mobile devices to apply patches to fix vulnerabilities affecting widely used Wi-Fi hardware.

The bugs, reported by Google’s Project Zero, affect Wi-Fi chips made by Broadcom, the most common Wi-Fi chipsets on mobile devices.

iPhone, Android affected

The affected chipsets are used by all iPhones since the iPhone 4 , most Samsung flagship Android devices and Google’s Nexus 5, 6 and 6P, amongst other handsets, Google said.

Google has released a proof-of-concept exploit demonstrating that the bugs could be used to take over the Wi-Fi functions of the affected devices, and said it plans to demonstrate how that attack can then be used to take complete control of affected devices in a further advisory.

The attacks can be launched by anyone using the same Wi-Fi network as a vulnerable device, according to Google.

Apple said it fixed the issues in its iOS 10.3.1 update, released only days after the major iOS 10.3 release.

The company acknowledged the flaws could allow an attacker within range to “execute arbitrary code on the Wi-Fi chip”.

Google has also released patches for Android addressing the issues, but availability for specific devices varies by manufacturer or wireless carrier.

Security ‘lag’

That means Apple’s iPhones and Google’s Nexus and Pixel devices running up-to-date software are protected from the flaws, but other devices may still be vulnerable.

Google security researcher Gal Beniamini said the flaws result from the fact that Broadcom’s chips neglect to use modern security techniques such as code heap cookies, data execution prevention (DEP) and address space layout randomisation (ASLR). As a result, exploits including stack buffer overflows and heap overflows are made possible.

“While the firmware implementation on the Wi-Fi SoC is incredibly complex, it still lags behind in terms of security,” he wrote.

He published exploit code demonstrating how an attacker could take over a Broadcom Wi-Fi chip.

The exploit could allow an attacker to steal information passing over the Wi-Fi connection, but could also be used to launch an attack on the main device, Beniamini said, promising to outline such an attack in a further blog post.

“We’ll see how we can use our assumed control of the Wi-Fi SoC in order to further escalate our privileges into the application processor, taking over the host’s operating system,” he wrote.

Security firm Sophos said the issues could easily extend to other Broadcom chipsets, making the scale of the security weaknesses involved difficult to estimate.

“The problem is that this particular bug and the current patches for it are more of an example and a symptom than a general fix,” wrote Sophos researcher Paul Ducklin in an advisory.

He said users should check with their smartphone wireless carrier or manufacturer for updates, and avoid using Wi-Fi in public places.

Do you know all about security in 2017? Try our quiz!

Matthew Broersma

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications

Recent Posts

Russia Seeks To Fine Google, Meta On Annual Turnover

Russian regulator applies to court to fine US tech giants percentage of annual Russian turnover,…

3 hours ago

The Business of the Metaverse

Is Facebook’s vision of the Metaverse a realistic proposition for businesses? Silicon UK spoke to…

5 hours ago

Apple Loses Engineering Director From Car Project

Another departure of a major figure from Apple's much delayed Car project, as director of…

20 hours ago

Former Google Scientist Timnit Gebru Founds AI Institute

One year after her controversial exit from Alphabet's Google, AI scientist Timnit Gebru launches small…

23 hours ago

Apple Shares Dip Amid Slowing iPhone 13 Demand – Report

Worrying sign? Apple tells suppliers that consumer demand for the iPhone 13 has slowed, ahead…

24 hours ago