The bug was discovered by security researcher Nitay Artenstein, is nicknamed Broadpwn, and tracked as CVE-2017-9417.
Artenstein reported the bug in private to Google, who included a fix for this issue in the Android Security Bulletin for July 2017, released this week, on July 5.
No public information available yet
Artenstein has not disclosed any information about the bug or exploit to the public, and he’s set to give a presentation about Broadpwn at this year’s Black Hat USA security conference that will be held in Las Vegas at the start of August.
In the few details he revealed about the bug, Artenstein says Broadpwn “affects millions of Android and iOS devices” that use Broadcom Wi-Fi chips to handle network communications.
The researcher specifically points the finger at the Broadcom BCM43xx family of Wi-Fi chips included in “an extraordinarily wide range of mobile devices” from vendors such as Google (Nexus), Samsung, HTC, and LG.
Researcher reverse engineers Android security patch
Zhuowei Zhang, another Android security expert, has reversed engineered the Android July 2017 security patch just to dig out more details about Broadpwn.
Zhang says the bug appears to be a heap overflow in the firmware of Broadcom Wi-Fi chips. The researcher says exploitation takes place when the user’s device “receives a WME (Quality-of-Service) information element with a malformed length from a connected network.”
The attacker doesn’t need any user interaction to exploit the feature. A victim only needs to walk into the attacker’s Wi-Fi network range. Artenstein has later confirmed on Twitter that connecting to a malicious network is not necessary.
By Catalin Cimpanu July 8, 2017Full article: