Recently, Apple released the iOS 10.3.3 security update, which patches a huge WiFi exploit called BroadPwn. With Apple rolling out this patch, both Apple and Android devices running the latest software are now safe from the attack. Google rolled out its version of the patch on July 5th, 2017.
At the Black Hat security conference, researcher Nitay Artenstein showed the public a proof-of-concept for a flaw that leaves 1 billion mobile devices vulnerable to a WiFi-hopping worm dubbed BroadPwn. It uses malicious packets sent over WiFi to gain root access to a target device and execute code remotely. What makes this attack interesting is that it is self-replicating and can infect other devices to further spread the malware.
The vulnerability manifests itself in Broadcom WiFi chips from the BCM43xx family that are widely used in smartphones. This includes a wide range of Android devices but also the iPhone 5th generation and newer as well as iPads and iPods.
To execute the exploit, the attacker must be within WiFi range of the victim. The attacker could also infect a router to make this easier. Once a vulnerable device is within proximity, a chain reaction is set off in which the infected chip further spreads the malware. Luckily, the security researcher didn’t have any malicious intent with the malware, as it was just a proof-of-concept, so infected devices are not currently having any credentials stolen.
However, now that the exploit is out there, it could be used by cyber criminals to steal credentials nonetheless. So make sure you update your software as soon as possible. Whilst all iOS devices have an available patch, it’s not guaranteed that all Android devices have a patch available for this exploit. If you have an unpatched version of Android running on your device, you can prevent the attack by turning off both WiFi and location services.
Self-spreading viruses or worms like this one were a lot more common in the early days of computer hacking. Now, with the growth of the IoT (Internet of Things), there are new attack vectors to be discovered. Your fridge might secretly hack your phone and your phone might infect your best friend’s oven, who knows?
“Old school hackers often miss the ‘good old days’ of the early 2000s, when remotely exploitable bugs were abundant, no mitigations were in place to stop them, and worms and malware ran rampant, but with new research opening previously unknown attack surface such as the BCM Wi-Fi chip, those times may just be making a comeback.” – Nitay Artenstein
Even though the BroadPwn exploit worked on a lot of phones, the researcher doesn’t believe it will work on laptops and desktops. The WiFi chipsets of computers have more limited access to the networking functions, making the attack useless. Still, after this proof of concept, another hacker, good or bad, might be inspired to find new exploits that HAVE access to those computer WiFi chips. I guess only time will tell.