I'll just have to wait for the update from my carrier/phone manufacturer or the heat death of the universe.
Which will come first?
Google's latest Android security update has landed, and at least one of the bugs it patches is a treat: since it's related to Broadcom chipsets, it will reach far beyond the Android ecosystem. “BroadPwn” (because there's no good bug without a brand) was turned up by Nitay Artenstein of Exodus Intelligence. You can find a full …
What could go wrong with that?
Whatever happened to the concept of each layer of a protocol stack stripping off just the stuff it dealt with and passing the rest up the line?
How many times does a packet get parsed, slurped or inspected before it ends up on the screen of a modern phone?
Or is the real issue that there is no transparency on how that code is developed or tested before it's deployed? I don't mean Android, I mean what's on Broadcom's chipsets.
According to Nitay's tweets (https://twitter.com/nitayart/status/883221981834997760 and https://twitter.com/nitayart/status/854913203708547073) this new Broadpwn exploit uses a similar attack surface to that reported by The Register in April (https://www.theregister.co.uk/2017/04/05/broadcom_wifi_chip_bugs/), but uses different over-the-air frames (not FT or TDLS), making it easier to deploy. It is surprising that the patches for that original issue did not block at least one of the mechanisms on which this new attack depends.
The original Project Zero blog posts provide a very clear explanation of how bugs and insecure coding techniques in multiple layers of the Wi-Fi chip's firmware, device drivers, and PCIe memory access can be exploited. They are well worth reading while we wait for more details of the latest attack:
https://googleprojectzero.blogspot.co.uk/2017/04/over-air-exploiting-broadcoms-wi-fi_4.html
https://googleprojectzero.blogspot.co.uk/2017/04/over-air-exploiting-broadcoms-wi-fi_11.html
If it is a security update a lot of them do get these straight from Google, but if it is an actual OS update it is more complicated.
In theory, if SIM free it is the manufacturer; if it was a carrier-tweaked one it is the original carrier.
In practice it seems that it is often neither.
I know this gets said a lot, but this is why my last two phones have been pure Google Android, so I know that I get all the updates to the OS as soon as possible.