The AchieVer, Posted April 19, 2019

Broadcom WiFi Chipset Driver Defect Takes Its Toll On OSs, IoTs, Phones and Other Devices.

Reportedly, the flaws in the Broadcom WiFi chipset drivers are causing a lot of trouble for phones and operating systems that are exposed to them. This means attackers could be allowed to execute arbitrary code and initiate DoS (Denial of Service).

As reported by an intern of a reputed lab, the Broadcom drivers and the open source “brcmfmac” driver possess several vulnerabilities. As it turns out, the Broadcom drivers are susceptible to “two heap buffer overflows”, whereas the ‘brcmfmac’ drivers are susceptible to frame validation bypass as well as heap buffer overflow.

Per the Common Weakness Enumeration database, the heap buffer overflows could cause the software to run in an infinite loop, system crashes, along with execution of arbitrary code. The above activities are evidently beyond the security policies and security services.

The aforementioned Broadcom WiFi chips are insidiously used by almost everyone without their knowing it. From a laptop through the IoT devices to the smart TVs, all the devices have these chip drivers. As these chips are enormously prevalent, they comprise an even more enormous target range. Any simple vulnerability or flaw found in them could be a matter of serious risk.

The Broadcom WiFi chipset drivers could be easily exploited by unauthenticated attackers by way of sending malicious “WiFi packets”. These packets would later on help in initiating the arbitrary code execution. All the attacks would simply lead to Denial of Service.

In the list of the risks that stand to vulnerable devices, Denial of Service attacks and arbitrary code execution are on the top. These flaws were also found in the Linux kernel and the firmware of Broadcom chips.

According to the source note, the four brcmfmac and Broadcom wl driver vulnerabilities are of the sort: CVE-2019-8564, CVE-2019-9500, CVE-2019-9501, CVE-2019-9502, CVE-2019-9503.

· CVE-2019-9503: When the driver receives the firmware event frame from the remote source, it gets discarded and isn’t processed. When the same is done from the host, the appropriate handler is called. This validation could be bypassed if the bus used is a USB.
· CVE-2019-9500: A malicious event frame could be constructed to trigger a heap buffer overflow.
· CVE-2019-9501: The vendor is supplied with the information with data larger than 32 bytes and a heap buffer overflow is triggered in “wlc_wpa_sup_eapol”.
· CVE-2019-9502: When the vendor information data length is larger than 164 bytes, a heap buffer overflow is triggered in “wlc_wpa_plumb_gtk”.

If the wl driver is used with SoftMAC chipsets, the vulnerabilities are triggered in the host’s kernel, whereas when used with a FullMAC chipset, they are triggered in the chipset’s firmware.

There are approximately over 160 vendors that stand vulnerable to Broadcom WiFi chipsets within their devices. Two of Broadcom’s vulnerabilities were patched which were found in the open source brcmfmac Linux kernel. The CVE-2019-8564 vulnerability had been patched by Apple as a part of their security update, a day before the developer revealed the vulnerabilities.

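Added example, not part of the original post and not Broadcom or brcmfmac code: the length check whose absence the CVE-2019-9501 and CVE-2019-9502 entries above describe, written as a bounds-checked walk over type-length-value elements. The 32- and 164-byte limits come from the post; the function names, the element layout with ID 0xDD and the sample frames are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Buffer sizes quoted in the post; all names below are hypothetical. */
#define CAP_9501 32    /* limit given for wlc_wpa_sup_eapol */
#define CAP_9502 164   /* limit given for wlc_wpa_plumb_gtk */
#define IE_VENDOR 0xDD /* 802.11 vendor-specific element ID (assumed input format) */

/* Copy the data of the first vendor element in a run of [id][len][data] elements.
 * Returns the copied length, or -1 if truncated, absent, or larger than dst_cap. */
static int copy_vendor_ie(const uint8_t *buf, size_t len, uint8_t *dst, size_t dst_cap)
{
    size_t off = 0;
    while (len - off >= 2) {
        uint8_t id = buf[off];
        size_t ie_len = buf[off + 1];
        off += 2;
        if (ie_len > len - off)
            return -1;  /* element claims more bytes than were received */
        if (id == IE_VENDOR) {
            if (ie_len > dst_cap)
                return -1;  /* without this test, memcpy overruns the heap buffer */
            memcpy(dst, buf + off, ie_len);
            return (int)ie_len;
        }
        off += ie_len;
    }
    return -1;
}

/* Constructed input: one vendor element of n bytes, parsed into a heap buffer of cap bytes. */
static int demo(uint8_t n, size_t cap)
{
    uint8_t frame[2 + 255] = { IE_VENDOR, n };
    uint8_t *dst = malloc(cap);
    int r = -2;
    memset(frame + 2, 0x41, n);
    if (dst)
        r = copy_vendor_ie(frame, 2u + n, dst, cap);
    free(dst);
    return r;
}

int main(void)
{
    printf("%d %d %d %d\n", demo(32, CAP_9501), demo(33, CAP_9501), demo(164, CAP_9502), demo(165, CAP_9502));
    return 0;
}
```
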
straycat19, Posted April 19, 2019

Am I the only one who ever gets tired of hearing these modern fairy tales based on the story of Chicken Little (The Sky is Falling (end of the world)) which is also known as Henny Penny or Chicken Licken and is at least 25 centuries old? It's good that it was patched, probably, but how many of these research lab found exploits are actually ever used publicly? Answer is hardly ever to none. When you set a device up in a lab and then manipulate it so that what you are trying to do actually occurs you are creating an environment that will, within the science of probability, never happen in the real world. Unfortunately, these articles are written for the Chicken Littles of the world today.

f33nix, Posted April 20, 2019

@straycat19 I cannot agree more. I also liked the line when they said:

> 23 hours ago, The AchieVer said:
> The aforementioned Broadcom WiFi chips are insidiously used by almost everyone without their knowing it. From a laptop through the IoT devices to the smart TVs all the devices have these chip drivers.

What do they mean insidiously! You mean that it's hidden? The user never knew that they had WiFi in their TV/smartdevice that has some other kind of "magic" way of connecting to their WiFi router. Talk about scaremongering.

The AchieVer (Author), Posted April 20, 2019

> 22 minutes ago, f33nix said:
> I also liked the line when they said:
> What do they mean insidiously! You mean that it's hidden? The user never knew that they had WiFi in their TV/smartdevice that has some other kind of "magic" way of connecting to their WiFi router. Talk about scaremongering.

The chips are not hidden, but perhaps the Broadcom drivers and the open source “brcmfmac” driver possess several vulnerabilities, which the users are not aware of.

Regards

DKT27 (Administrator), Posted April 20, 2019

> 17 hours ago, straycat19 said:
> Am I the only one who ever gets tired of hearing these modern fairy tales based on the story of Chicken Little (The Sky is Falling (end of the world)) which is also known as Henny Penny or Chicken Licken and is at least 25 centuries old? It's good that it was patched, probably, but how many of these research lab found exploits are actually ever used publicly? Answer is hardly ever to none. When you set a device up in a lab and then manipulate it so that what you are trying to do actually occurs you are creating an environment that will, within the science of probability, never happen in the real world. Unfortunately, these articles are written for the Chicken Littles of the world today.

I have a slightly different view about things. News like this reminds people of one thing: non-updated software is always at risk of security issues. There are millions out there who do not care about updating their software, and hackers know this very well and they exploit it.

This topic is now archived and is closed to further replies.