Broadcom Chip Flaw Opens Android Devices to WiFi Attack Monday Apr 10 2017 07:40 EDT A significant number of Android devices are susceptible to takeover via WiFi attack courtesy of a flaw in a Broadcom chipset, security researchers revealed this week. Project Zero researcher Gal Beniamini recently revealed a proof of concept exploit that uses Wi-Fi frames that contain irregular values, causing the firmware running on Broadcom's wireless system-on-chip to overflow its stack. Beniamini's exploit then overwrites specific regions of device memory with arbitrary shellcode, something an attacker could use to execute malicious code on vulnerable devices connected to a rogue access point. While the vulnerability impacts both Apple and Android devices, Apple has already patched the vulnerability via Monday's release of the iOS 10.3.1 update. Ars Technica notes that while Google is in the process of releasing an update in its April security bulletin, the fix will only apply to a limited number of Android devices. And given the fractured, staggered nature of the Android ecosystem -- and the lag from carriers that take a long time to pass these updates on -- it may still be some time before a fix is in the wild for the majority of Android devices. "Given the severity of the vulnerability, people with affected devices should install a patch as soon as it's available," notes Ars' Dan Goodin. "For those with vulnerable iPhones, that's easy enough. As is all too often the case for Android users, there's no easy way to get a fix immediately, if at all. That's because Google continues to stagger the release of its monthly patch bundle for the minority of devices that are eligible to receive it." |
17 recommendations |
The different between Apple and Android.."While the vulnerability impacts both Apple and Android devices, Apple has already patched the vulnerability via Monday's release of the iOS 10.3.1 update."
Apple has to release a single patch at one time and everyone is updated that installs the patch. Android on the other hand has a gazillion hardware vendors to deal with so rolling out a patch is much slower. | actions · 2017-Apr-10 8:24 am · (locked) |
7 recommendations |
It's patched... | actions · 2017-Apr-10 9:41 am · (locked) | RR ConductorRidin' the rails Premium Member join:2002-04-02 Redwood Valley, CA
4 recommendations |
Did Apple write this?I feel like I've just read a Apple sales pitch. | actions · 2017-Apr-10 7:49 am · (locked) |
3 recommendations |
One of the reasons I own a Nexus...I Just received Android 7.1.2 last Wednesday so I'm sure this will be a quickly released patch, however we pure android users who get our support from google ( Nexus 5x, 6p, or Pixels) will get this fix almost immediately, Sadly the Samsung Galaxy S.x & , LG G.x and others, will not.
I only wish for 2018 Google brings back the Nexus line and has 2 phone line up, 4 phones in all ( pixels 5.2 & 5.5 in screen for those who want the look and simplicity of an apple device and Nexus line 5.5 and 5.9 in screen for those who want to tweak , overclock and load custom roms let Huawei and Oneplus build the nexus devices) | actions · 2017-Apr-10 9:18 am · (locked) |
|