Monday, October 2, 2017

Security flaw found in Broadcom chipset allows hackers to hijack WiFi connected iPhones

According to a report from Google Project Zero, a security flaw has been found in iPhones and other devices that use Broadcom Wi-Fi chips. The weakness allows a hacker to remotely take over the device knowing only the MAC address or network-port ID. Since the MAC address of a connected device is easily obtained, it is considered a serious threat.
The report, "Broadcom: OOB write when handling 802.11k Neighbor Report Response," appeared on Google’s Chromium developer site a few months back. It was written by Gal Beniamini, the same person that found a similar vulnerability back in April. Beniamini says that the flaw exists on Broadcom chips running firmware version BCM4355C0.
The weakness can be exploited using a software hack. His exploit was tested on iOS 10.2 but he says it should work on all versions up to iOS 10.3.3. If you are running iOS 11, which just released on September 19, you should be safe as Apple has addressed the issue. However, it has not said when or if patches for earlier versions of iOS will be available.
"I've been able to verify that this code path exists on various different firmware versions, including those present on the iPhone 7 and Galaxy S7 Edge."
iPhones aren't the only devices at risk. Beniamini has confirmed that Apple TV, Android phones (including the S7 Edge), select routers and smart TVs are also "at risk." Apple says it has patched the problem in the most recent version of tvOS. Likewise, Google reports that it has addressed the issue on Nexus and Pixel devices.
Beniamini reported the issue to Broadcom and device makers in June and shared an exploit in August. It only became public today.
Other Android manufacturers should have patches forthcoming (if not already rolled out). As always, it's a good idea to keep your connected devices up to date.

No comments: