CrAKeN Posted April 4, 2017 Share Posted April 4, 2017 Owners of Android and iOS devices should pay special attention to security updates released by Google and Apple on Monday, as they contain fixes for a series of critical bugs affecting their phone's WiFi component. The issues, discovered by Google Project Zero security researcher Gal Beniamini, affect the Broadcom WiFi SoC (Software on Chip), included with many Android and iOS smartphones, and for which both Google and Apple include custom firmware with their OS. Bugs allow remote hacking of Android and iOS devices According to Beniamini, a stack buffer overflow vulnerability in the Broadcom firmware code allows an attacker in the phone's WiFi range to send and execute code on the device. Depending on the attacker's skills, he can deploy code that takes over the user's device and installs applications without the user's knowledge, such as adware, banking trojans, or ransomware. The possible ways in which these bugs can be leveraged range from evil WiFi spots up to wardriving scenarios. Both companies addressed the issue with updates released on Monday, with Apple releasing iOS 10.3.1, and Google delivering updates via its Android Security Bulletin for April 2017. Beniamini described his findings, in the context of attacking a fully-patched Nexus 6P Android device, in a blog post published today. Broadcom needed four months to patch all issues The iOS and Android RCE attacks are two of ten flaws Beniamini discovered in Broadcom's WiFi SoC firmware. None of these flaws affected the Android and iOS operating systems per-se, but the source code of the Broadcom firmware. Both OS makers had to wait for over four months until the chip maker finally managed to fix all flaws. These security bugs were particularly difficult, both in numbers and complexity, as Broadcom asked Beniamini for an extension to Project Zero's 90-day public disclosure policy so they could finish the patching process. Source Link to comment Share on other sites More sharing options...
dMog Posted April 4, 2017 Share Posted April 4, 2017 on my android...I never go on public wifi... use of data only.... Link to comment Share on other sites More sharing options...
Karlston Posted April 5, 2017 Share Posted April 5, 2017 2 hours ago, CrAKeN said: a series of critical bugs affecting their phone's WiFi component So it doesn't affect Android and iOS tablets then? Pet hate... iPhone DOES NOT EQUAL iOS! Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.