More than a billion iOS and Android phones vulnerable to critical leak through Wifi chip

A security researcher has found a serious vulnerability in a Wifi chip that can be found in smartphones of all kinds of manufacturers. At least 1 billion smartphones that are currently in use can be hacked through the vulnerability. The vulnerability has been called Broadpwn.

ADVERTISEMENT

Researcher Nitay Artenstein from Exodus Intelligence discovered a vulnerability in the Wifi chips from Broadcom. These chips are used in iPhones from Apple and Android phones from many known manufactures such as Samsung.

Apple patched the leak last week with an update. Google released an update for Android phones earlier this month, however many old phones will likely never get the update.

The method used by Artenstein abuses the connection process with known Wifi networks. Due to a bug in that process it was possible to compromise the Wifi module. With a worm, also developed by Artenstein, it was possible to distribute a worm that could also spread itself without any user interaction.

ADVERTISEMENT

According to Artenstein it was likely also possible to take-over the kernel of the phone. He decided not to do so, but thinks that it would be fairly easy for a real attacker with the right tools.

Artenstein, who presented his research yesterday during the hacker conference Black Hat in Las Vegas, has found that mobile operating systems are better and better protect against hackers. Therefore hackers more and more focus on weak spots on smartphones such as the relative obscure chips that can be found in many devices.

No posts to display