Apple yesterday made a number of security updates to its iOS mobile operating system, including a fix for a Wi-Fi chip vulnerability that could let hackers gain wireless access to iPhones and iPads.
The iOS 10.3.3 update addresses nearly four dozen security flaws, one of which, called "Broadpwn," lies in the Broadcom Wi-Fi chip used in many iPhones and Android devices. Google announced an Android fix for Broadpwn earlier this month. Apple's patch is available for the iPhone 5 and later, 4th-generation and later iPads, and the 6th-generation iPod touch.
The vulnerability could allow a remote actor to trigger a memory corruption error via Wi-Fi on a user's mobile device, according to details on Broadpwn from Security Tracker. That error could then enable the hacker to execute arbitrary code on the device without any actions by the user.
Chip Vulnerability on 'Millions' of Devices
Apple credits discovery of the Wi-Fi vulnerability to Nitay Artenstein, a security researcher with Exodus Intelligence. Artenstein is scheduled to discuss his findings later this month during a briefing at the Black Hat information security conference in Las Vegas.
"Remote exploits that compromise Android and iOS devices without user interaction have become an endangered species in recent years," Artenstein said in a description of his coming Black Hat presentation. "Such exploits present a unique challenge: Without access to the rich scripting environment of the browser, exploit developers have been having a hard time bypassing mitigations such as DEP and ASLR."
Rather than targeting a mobile device's operating system, though, Broadpwn takes aim at the Wi-Fi system on chip (SoC) that's used to handle a device's wireless connectivity. The vulnerability exists on "millions" of Android and iOS devices featuring the Broadcom SoC, Artenstein said.
"The Broadcom BCM43xx family of Wi-Fi chips is found in an extraordinarily wide range of mobile devices -- from various iPhone models, to HTC, LG, Nexus and practically the full range of Samsung flagship devices," he noted.
'Critical' Vulnerability, Easy To Deploy
In its July 5 Android Security Bulletin, Google described the severity of the Broadcom vulnerability as "critical." The U.S. Computer Security Resource Center's National Vulnerability Database, which published details about the vulnerability early last month, noted that taking advantage of the security flaw was not complex.
Wi-Fi SoCs are designed to handle a broad range of processing tasks related to wireless networking, Google security researcher Gal Beniamini wrote in an April blog post for Project Zero, Google's research program aimed at finding zero-day exploits. While such SoCs help to reduce power consumption and free up mobile device operating systems to focus on other tasks, they come with a cost, he added.
"Introducing these new pieces of hardware, running proprietary and complex code bases, may weaken the overall security of the devices and introduce vulnerabilities which could compromise the entire system," Beniamini said, adding that Broadcom's Wi-Fi SoCs are the most common Wi-Fi chipsets used on mobile devices.
Beniamini noted that Broadcom has said newer versions of its Wi-Fi SoC use a memory protection unit, "along with several additional hardware security mechanisms." He called such improvements "a step in the right direction."
Posted: 2017-07-21 @ 2:30am PT
When news came down of Apple ending development of the AirPort line late last year, we needed to replace and chose the Google WiFi. Love these little guys.
My daughter could never stream video reliably in her room and now she can, which makes me a hero.
Huge fan of Google WiFi but the bigger issue is if you have any AirPort hardware you should be looking at replacing ASAP.
We just got another big Broadcom zero day. The last AirPort update from Apple was late last year with 7.7.8. We have had three major zero days since and if you look at the teardowns, the Broadcom SoC is what is inside of the AirPort hardware, so replace with something.
We do NOT need a bunch of insecure hardware in people's homes being leveraged for DDoS.