Google patches pwnable 'droids for Wi-Fi vuln

Google's latest Android security update has landed, and at least one of the bugs it patches is a treat: since it's related to Broadcom chipsets, it will reach far beyond the Android ecosystem. “BroadPwn” (because there's no good bug without a brand) was turned up by Nitay Artenstein of Exodus Intelligence. You can find a full …

  1. Anonymous Coward

    I'll just have to wait for the update from my carrier/phone manufacturer or the heat death of the universe.

    Which will come first?

  2. JakeMS
    Flame

    No problem!

    Just updated the LineageOS on my Asus Zenfone Max last night (6th of July) which included the July security patches :-)

    Just update your phones, guys!

    Unless you have a Samsung, in which case it may catch fire during update.

  3. John Smith 19 Gold badge
    Unhappy

    let's put more intelligence in our peripherals.

    What could go wrong with that?

    Whatever happened to the concept of each layer of a protocol stack stripping off just the stuff it dealt with and passing the rest up the line?

    How many times does a packet get parsed, slurped or inspected before it ends up on a screen of a modern phone?

    Or is the real issue that there is no transparency on how that code is developed or tested before it's deployed? I don't mean Android, I mean what's on Broadcom's chipsets.

  4. Dan 55 Silver badge
    Devil

    And will Broadcom release open source drivers?

    Answers on the back of a postage stamp...

    1. analyzer

      Re: And will Broadcom release open source drivers?

      You really think you'll need *that* much space?

  5. Anonymous Coward

    Where does the "remote code execution" happen

    If it exploits this closed source OS running on the wifi chip, how does that exploit the phone's OS? That shouldn't be possible unless the phone's OS trusts its hardware too much - which it definitely shouldn't in this case, obviously.

    1. Anonymous Coward

      Re: Where does the "remote code execution" happen

      According to Nitay's tweets (https://twitter.com/nitayart/status/883221981834997760 and https://twitter.com/nitayart/status/854913203708547073) this new Broadpwn exploit uses a similar attack surface to that reported by The Register in April (https://www.theregister.co.uk/2017/04/05/broadcom_wifi_chip_bugs/), but uses different over-the-air frames (not FT or TDLS), making it easier to deploy. It is surprising that the patches for that original issue did not block at least one of the mechanisms on which this new attack depends.

      The original Project Zero blog posts provide a very clear explanation of how bugs and insecure coding techniques in multiple layers of the Wi-Fi chip's firmware, device drivers, and PCIe memory access can be exploited. They are well worth reading while we wait for more details of the latest attack:

      https://googleprojectzero.blogspot.co.uk/2017/04/over-air-exploiting-broadcoms-wi-fi_4.html

      https://googleprojectzero.blogspot.co.uk/2017/04/over-air-exploiting-broadcoms-wi-fi_11.html

  6. TrumpSlurp the Troll
    Paris Hilton

    Who updates SIM free phones?

    They (allegedly) don't have the carrier's cruft, just the manufacturer's.

    So does the current carrier update, or the manufacturer?

    Also, if you unlock the phone and switch carriers who pushes the updates?

    1. Is It Me

      Re: Who updates SIM free phones?

      If it is a security update a lot of them do get these straight from Google, but if it is an actual OS update it is more complicated.

      In theory, if SIM free it is the manufacturer's, if it was a carrier-tweaked one it is the original carrier.

      In practice it seems that it is often neither.

      I know this gets said a lot, but this is why my last two phones have been pure Google Android, so I know that I get all the updates to the OS as soon as possible.

    2. phuzz Silver badge

      Re: Who updates SIM free phones?

      It's something you should check before you buy your phone; how often, and for how long will it get updates?

      Which narrows it down to either a Google phone, or something with good 3rd party ROM support.

      1. Fred Dibnah

        Re: Who updates SIM free phones?

        Or an iPhone.

        (Ducks for cover)

  7. Anonymous Coward

    A little birdie mentioned that Apple used Broadcom wifi chips in some of their kit. Any word whether they are vulnerable? Anon to respect the birdie...
