
SoylentNews is people

posted on Thursday April 06 2017, @01:45PM
from the so-many-patches-today dept.

Apple fans, Android world scramble to patch Broadcom's nasty drive-by Wi-Fi security hole

Grab firmware updates ASAP

https://www.theregister.co.uk/2017/04/05/broadcom_wifi_chip_bugs/

-- submitted from IRC

More Detail about Broadcom Wi-Fi Security Problem

A Broadcom chip that handles WiFi connections has serious over-the-air security flaws that make it possible to take over the chip wirelessly. This affects LG/Google Nexus 5, 6, 6P, most Samsung flagship devices, all iPhone 4 and later, newer iPods and iPads.

Carefully crafted wireless frames that use abnormal values in their metadata can trick the wireless system-on-chip (SoC) firmware into overrunning its stack buffers. Combined with the frequent timer firings, this makes it possible to gradually overwrite specific chunks of system-on-chip RAM until arbitrary code is executed. Details of the security flaw are described here.

Broadcom's hidden source code implementation is found to lag behind in modern security. Specifically, it lacks countermeasures like stack cookies, safe unlinking and access permission protection, neglecting the security features of the ARM Cortex R4 microcontroller. Once the system-on-chip is controlled, escalation into the primary CPU can be attempted.

It seems the security flaw stems from the implementation of "Tunneled Direct Link Setup" (TDLS) or 802.11z, a seamless way to stream data directly between devices already on the same Wi-Fi network.

Lesson: Broadcom sucks, closed source sucks and new features may be just that and then some.

Kind of reminds me of the DVB over-the-air TV exploit. There sure are more wireless chips with clueless security.
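The bug class described above (a length field in frame metadata trusted before a copy into a fixed-size stack buffer) is prevented by validating the declared length against both the remaining frame and the destination before copying. The following is an added example, not Broadcom's firmware code and not from the original submission; it assumes the generic 802.11 element layout (1-byte ID, 1-byte length, payload), and the buffer size, element ID and sample frames are constructed for the demo.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define IE_BUF_MAX 32    /* assumed size of the fixed destination buffer */
#define DEMO_IE_ID 0xC8  /* hypothetical element ID used only in this demo */
enum ie_status { IE_OK = 0, IE_NOT_FOUND = -1, IE_TRUNCATED = -2, IE_TOO_LONG = -3 };

/* Constructed sample frame bodies: well-formed, oversized, truncated. */
static const uint8_t FRAME_OK[] = {0x00, 3, 'a', 'b', 'c', DEMO_IE_ID, 4, 1, 2, 3, 4};
static const uint8_t FRAME_LONG[2 + 40] = {DEMO_IE_ID, 40};  /* 40 > IE_BUF_MAX */
static const uint8_t FRAME_TRUNC[] = {DEMO_IE_ID, 16, 1, 2}; /* claims 16, has 2 */

/* Walk the element list and copy the payload of `want_id` into `out`.
 * Both length checks run before a single payload byte is copied. */
int ie_copy_checked(const uint8_t *body, size_t body_len, uint8_t want_id,
                    uint8_t *out, size_t out_cap, size_t *out_len)
{
    size_t off = 0;
    while (body_len - off >= 2) {          /* room for an ID + length header */
        uint8_t id = body[off];
        size_t len = body[off + 1];
        off += 2;
        if (len > body_len - off)          /* declared length runs past the frame */
            return IE_TRUNCATED;
        if (id == want_id) {
            if (len > out_cap)             /* declared length exceeds destination */
                return IE_TOO_LONG;
            memcpy(out, body + off, len);
            *out_len = len;
            return IE_OK;
        }
        off += len;                        /* skip an element we do not want */
    }
    return IE_NOT_FOUND;
}

/* Caller with a fixed-size stack buffer, the pattern the overflow targets. */
int check_frame(const uint8_t *body, size_t body_len)
{
    uint8_t buf[IE_BUF_MAX];
    size_t n = 0;
    return ie_copy_checked(body, body_len, DEMO_IE_ID, buf, sizeof buf, &n);
}

int main(void)
{
    printf("%d %d %d\n", check_frame(FRAME_OK, sizeof FRAME_OK),
           check_frame(FRAME_LONG, sizeof FRAME_LONG),
           check_frame(FRAME_TRUNC, sizeof FRAME_TRUNC));
    return 0;
}
```

Stack cookies, which the submission notes are missing, would only detect an overrun after the fact; the length checks stop it from happening.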

Google and Apple Issue Security Updates for Critical Broadcom WiFi Vulnerabilities

Owners of Android and iOS devices should pay special attention to security updates released by Google and Apple on Monday, as they contain fixes for a series of critical bugs affecting their phone's WiFi component.

The issues, discovered by Google Project Zero security researcher Gal Beniamini, affect the Broadcom WiFi SoC (Software on Chip), included with many Android and iOS smartphones, and for which both Google and Apple include custom firmware with their OS.

According to Beniamini, a stack buffer overflow vulnerability in the Broadcom firmware code allows an attacker in the phone's WiFi range to send and execute code on the device.

Depending on the attacker's skills, he can deploy code that takes over the user's device and installs applications without the user's knowledge, such as adware, banking trojans, or ransomware.

The possible ways in which these bugs can be leveraged range from evil WiFi spots up to wardriving scenarios.

Both companies addressed the issue with updates released on Monday, with Apple releasing iOS 10.3.1, and Google delivering updates via its Android Security Bulletin for April 2017.

Beniamini described his findings, in the context of attacking a fully-patched Nexus 6P Android device, in a blog post published today.

Source: Bleeping Computer


  • (Score: 0) by Anonymous Coward on Thursday April 06 2017, @07:06PM (#489804)

    I got the 10.3.1 update on Tues