A researcher discovered a new bug, which is called Broadpwn, and it is impacting millions of Android and iOS devices. This new bug is found within the Broadcom Wi-Fi chips, which are put into both iOS and Android devices. This new bug could potentially allow for someone to execute codes without the user needing to interact with the device or the code. Read on to learn more about Broadpwn and what this means for both iOS and Android devices.
Broadpwn Bug Could Harm Millions of iOS & Android Devices
The researcher, Nitay Artenstein, had contacted Google privately to warn the company about the Broadpwn bug. Google included a fix for this bug in the Security Bulletin for Android for July. The July Android Security Bulletin was released just a week ago. This means that if you have an Android device, you need to make sure you download the new July Security Bulletin so that you can prevent the Broadpwn bug from affecting your Android device. This bug is known as Broadpwn, but it will show up as CVE-2017-9417.
As far as what Broadpwn could do to Android or iOS devices, the researcher has not publicly stated the implications or possible issues related to the bug. He is set to make a presentation in August at the Black Hat USA Conference, which will include details on Broadpwn.
The researcher has really only stated that millions of both iOS and Android devices are impacted and that it comes back to the Broadcom Wi-Fi Chips. Specifically, the BCM43xx model of chips are found within most Android and iOS devices. These chips are embedded into both iOS and Android devices and are needed for network communications.
Broadpwn Details From Android Expert
An Android security researcher, Zhuowei Zhang, has been reverse engineering the Android Security Bulletin in order to try to figure out more about Broadpwn. This researcher says that the Broadcom Wi-Fi chips seem to have a heap overflow in them. What happens is that when your device is getting the Quality-of-Service information this is when the exploitation is happening.
There is a element that has a length that is malformed, which is coming from a connected network. When it comes to the attack, no interaction is needed from the user in order to make the exploitation happen. Essentially, you just have to be in the Wi-Fi range of the attacker for this exploitation to occur. You do not need to even connect to a malicious network in order to end up being exploited.
When it comes to the Android July Security Bulletin, the Broadpwn bug is labeled as a “critical” issue by Google. This means that Google believes this is a very dangerous bug, although we still do not have a ton of hardcore details about it. As far as what you can do on Android to prevent the bug, simply downloading the new Security Bulletin for July is a start.
Regardless of whether or not you are on Android or iOS, you also should make sure you are only connecting to Wi-Fi networks that you trust. Disable the automatic connect to Wi-Fi networks option on your device. Beyond that, we do not have more information about how this Broadpwn bug is being handled on the iOS side of things.