Support NeoGAF

[Coreda]

Security researchers discovered a vulnerability in Broadcom Wi-Fi chips used widely in Android and iOS devices that opens up the device to malicious code and hijacking, merely by being in range of a malicious wireless network.

Apple has patched the vulnerability with iOS 10.3.1, while Google is only releasing fixes for its own line of devices (Nexus 6, Nexus 6P, Nexus 9, Pixel C, Nexus Player).

"An attacker within range may be able to execute arbitrary code on the Wi-Fi chip," Apple's accompanying advisory warned. In a highly detailed blog post published Tuesday, the Google Project Zero researcher who discovered the flaw said it allowed the execution of malicious code on a fully updated 6P "by Wi-Fi proximity alone, requiring no user interaction."

Google is in the process of releasing an update in its April security bulletin. The fix is available only to a select number of device models, and even then it can take two weeks or more to be available as an over-the-air update to those who are eligible. Company representatives didn't respond to an e-mail seeking comment for this post.

Given the severity of the vulnerability, people with affected devices should install a patch as soon as it's available. For those with vulnerable iPhones, that's easy enough. As is all too often the case for Android users, there's no easy way to get a fix immediately, if at all. That's because Google continues to stagger the release of its monthly patch bundle for the minority of devices that are eligible to receive it.

At the moment, it's not clear if there are effective workarounds available for vulnerable devices. Turning off Wi-Fi is one possibility, but as revealed in recent research into an unrelated Wi-Fi-related weakness involving Android phones, devices often relay Wi-Fi frames even when Wi-Fi is turned off.

Lock yo windows non-Google Android users.

 

[TheGamingBox]

The attacker needs to know your MAC address, you need to be on a vulnerable phone and the attacker has to be on the same network as you.

so dont connect to pubic wifi until you have the fix

 

[Sir Abacus]

so dont connect to pubic wifi until you have the fix

Yeah that's great. Except an attacker can literally walk into an airport and harvest anything that isn't patched from this 0-day.

 

[Coreda]

so dont connect to pubic wifi until you have the fix

That comment is misleading from what I've been reading. The exploit simply needs the vulnerable device to be in range of the signal. Also devices broadcast their MAC address while checking for Wifi networks.

 

[Jonnax]

The post from the researchers is a really good read. I recommend checking it out. It's quite technical but tells a really cool story in terms of how they reverse engineered it.

https://googleprojectzero.blogspot.co.uk/2017/04/over-air-exploiting-broadcoms-wi-fi_4.html

 

[Eusis]

That comment is misleading from what I've been reading. The exploit simply needs the vulnerable device to be in range of the signal. Also devices broadcast their MAC address while checking for Wifi networks.

And if wifi were off?

 

[Septimus Prime]

And here I was thinking that having an unlimited plan and only using cellular data was safe enough.

 

[Zeyphersan]

Super important everyone on iOS update to 10.3.1 ASAP. Unless you got one of those jailbreaks you're not willing to give up, I guess. But this might be more important

 

[Septimus Prime]

Oh, also, it might be fun to listen to today's episode of Reply All, which tells us a few other ways we're fucked.

 

[oRuin]

Guess my HTC One m8 won't be seeing this update. Gah.

 

[Coreda]

And if wifi were off?

Seems like it should a workaround as mentioned in the article, though they noted it mightn't be a complete safeguard (also IIRC a couple years ago Android still broadcast the device's MAC address even with Wifi disabled).

If the exploit becomes popular without a patch people would have to be pretty careful with where they enable Wifi.

 

[Keyouta]

Well fuck, I was avoiding Samsung's update to Android 7 on my S7 Edge because I don't want the battery to get worse.

 

[Zeyphersan]

Well fuck, I was avoiding Samsung's update to Android 7 on my S7 Edge because I don't want the battery to get worse.

I don't even think the newest Samsung update contains the fix, does it?

 

[Maxim726X]

Is the update already out on the 6P?

 

[Coreda]

Is the update already out on the 6P?

According to the Android security bulletin it should be ready.

Supported Google devices will receive a single OTA update with the April 05, 2017 security patch level.