Broadpwn Bug Affects Millions of Android and iOS Devices

Broadcom Wi-Fi chips embedded in Android and iOS devices are vulnerable to a bug that allows an attacker to execute code on their devices, without any interaction needed from the user.

The bug was discovered by security researcher Nitay Artenstein, is nicknamed Broadpwn, and tracked as CVE-2017-9417.

Artenstein reported the bug in private to Google, who included a fix for this issue in the Android Security Bulletin for July 2017, released this week, on July 5.

No public information available yet

Artenstein has not disclosed any information about the bug or exploit to the public, and he’s set to give a presentation about Broadpwn at this year’s Black Hat USA security conference that will be held in Las Vegas at the start of August.

In the few details he revealed about the bug, Artenstein says Broadpwn “affects millions of Android and iOS devices” that use Broadcom Wi-Fi chips to handle network communications.

The researcher specifically points the finger at the Broadcom BCM43xx family of Wi-Fi chips included in “an extraordinarily wide range of mobile devices” from vendors such as Google (Nexus), Samsung, HTC, and LG.

Researcher reverse engineers Android security patch

Zhuowei Zhang, another Android security expert, has reversed engineered the Android July 2017 security patch just to dig out more details about Broadpwn.

Zhang says the bug appears to be a heap overflow in the firmware of Broadcom Wi-Fi chips. The researcher says exploitation takes place when the user’s device “receives a WME (Quality-of-Service) information element with a malformed length from a connected network.”

The attacker doesn’t need any user interaction to exploit the feature. A victim only needs to walk into the attacker’s Wi-Fi network range. Artenstein has later confirmed on Twitter that connecting to a malicious network is not necessary.

By July 8, 2017Full article:

Source: Broadpwn Bug Affects Millions of Android and iOS Devices

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s