Broadcom Chip Flaw Opens Android Devices to WiFi Attack

A significant number of Android devices are susceptible to takeover via a Wi-Fi attack, courtesy of a flaw in a Broadcom chipset, security researchers revealed this week. Project Zero researcher Gal Beniamini recently revealed a proof-of-concept exploit that uses Wi-Fi frames containing irregular values, causing the firmware running on Broadcom's wireless system-on-chip to overflow its stack. Beniamini's exploit then overwrites specific regions of device memory with arbitrary shellcode, something an attacker could use to execute malicious code on vulnerable devices connected to a rogue access point.

While the vulnerability impacts both Apple and Android devices, Apple has already patched the vulnerability via Monday's release of the iOS 10.3.1 update.

Ars Technica notes that while Google is in the process of releasing an update in its April security bulletin, the fix will only apply to a limited number of Android devices. And given the fractured, staggered nature of the Android ecosystem -- and the lag from carriers that take a long time to pass these updates on -- it may still be some time before a fix is in the wild for the majority of Android devices.

"Given the severity of the vulnerability, people with affected devices should install a patch as soon as it's available," notes Ars' Dan Goodin. "For those with vulnerable iPhones, that's easy enough. As is all too often the case for Android users, there's no easy way to get a fix immediately, if at all. That's because Google continues to stagger the release of its monthly patch bundle for the minority of devices that are eligible to receive it."

Most recommended from 32 comments



battleop
join:2005-09-28
00000

17 recommendations

Member

The difference between Apple and Android..

"While the vulnerability impacts both Apple and Android devices, Apple has already patched the vulnerability via Monday's release of the iOS 10.3.1 update."

Apple has to release a single patch at one time and everyone is updated that installs the patch. Android on the other hand has a gazillion hardware vendors to deal with so rolling out a patch is much slower.
GLIMMER
join:2004-01-17
Fisher, IL

7 recommendations

Member

It's patched...

Yes Google has patched it.

»source.android.com/secur ··· 17-04-01

RR Conductor
Ridin' the rails
Premium Member
join:2002-04-02
Redwood Valley, CA

4 recommendations

Did Apple write this?

I feel like I've just read an Apple sales pitch.

buddahbless
join:2005-03-21
Premium

3 recommendations

Member

One of the reasons I own a Nexus...

I just received Android 7.1.2 last Wednesday so I'm sure this will be a quickly released patch. However, we pure Android users who get our support from Google (Nexus 5x, 6p, or Pixels) will get this fix almost immediately. Sadly the Samsung Galaxy S.x, LG G.x and others will not.

I only wish for 2018 Google brings back the Nexus line and has a 2 phone lineup, 4 phones in all (Pixels 5.2 & 5.5 in screen for those who want the look and simplicity of an Apple device, and Nexus line 5.5 and 5.9 in screen for those who want to tweak, overclock and load custom ROMs; let Huawei and OnePlus build the Nexus devices)