Security flaw found in Broadcom chipset allows hackers to hijack WiFi connected iPhones

Cal Jeffrey


According to a report from Google Project Zero, a security flaw has been found in iPhones and other devices that use Broadcom Wi-Fi chips. The weakness allows a hacker to remotely take over the device knowing only the MAC address or network-port ID. Since the MAC address of a connected device is easily obtained, it is considered a serious threat.

The report, "Broadcom: OOB write when handling 802.11k Neighbor Report Response," appeared on Google's Chromium developer site a few months back. It was written by Gal Beniamini, the same researcher who found a similar vulnerability back in April. Beniamini says that the flaw exists on Broadcom chips running firmware version BCM4355C0.

The weakness can be exploited using a software hack. His exploit was tested on iOS 10.2, but he says it should work on all versions up to iOS 10.3.3. If you are running iOS 11, which was released on September 19, you should be safe, as Apple has addressed the issue. However, Apple has not said when or if patches for earlier versions of iOS will be available.

"I've been able to verify that this code path exists on various different firmware versions, including those present on the iPhone 7 and Galaxy S7 Edge."

iPhones aren't the only devices at risk. Beniamini has confirmed that Apple TV, Android phones (including the S7 Edge), select routers and smart TVs are also "at risk." Apple says it has patched the problem in the most recent version of tvOS. Likewise, Google reports that it has addressed the issue on Nexus and Pixel devices.

Beniamini reported the issue to Broadcom and device makers in June and shared an exploit in August. It only became public today.

Other Android manufacturers should have patches forthcoming (if not already rolled out). As always, it's a good idea to keep your connected devices up to date.


 
So...how are you supposed to know whether your device has Broadcomm chips that are running that firmware?
Yeah that's the problem. There is no way to check. You just have to keep your device updated and keep an eye on patch notes to see if the fix is included. I'm sure the manufacturers are on top of this. They've known about it since earlier this year.
 
Well, not quite so dire -- our iMac 14 i5 reports that the wifi chip is:
  • Airport Extreme, firmware: Broadcom BCM43xx 1.0
So at least it is visible on the desktop. Our iPads & iPhones are not so friendly as to disclose transparently.
 
Unfortunately, there are some devices that can't be updated beyond 9.3.5 :sigh:
 
Half the articles out there are saying don't update. The other half are saying update. LOL!!...and you wonder why all the non-techies are throwing their hands up.
 
Half the articles out there are saying don't update. The other half are saying update. LOL!!...and you wonder why all the non-techies are throwing their hands up.
Oh Yeah :sigh:

If you are NOT on iOS 10.3.3 be sure to do so S O O N.

Some however (eg: iPad mini 2) can not move beyond 9.3.5; ouch
 
Unfortunately, there are some devices that can't be updated beyond 9.3.5 :sigh:

True, but that's not exactly a long list:
  • iPad 2 (released 3-11-2011, discontinued 3-18-2014)
  • iPhone 4S (released 10-14-2011, discontinued 9-9-2014)
  • iPad, 3rd-gen (released 3-16-2012, discontinued 10-23-2012)
  • iPad Mini, 1st-gen (released 11-2-2012, discontinued 6-19-2015)
Devices older than those weren't even able to upgrade past iOS 7, so they're not as big of a concern (i.e. the iPhone 4 could only go through iOS 7; the iPhone 3G & my old 4th-gen iPod Touch could only get to iOS 6).

That being said...assuming that someone is still holding on to one of these older devices (which is probably much less likely on the phones), it probably just means it's time to consider replacing it. If you absolutely can't replace it, I'd say be careful to only connect to Wi-Fi networks that you can trust 100% (i.e. your home network, maybe your BFF's/family's/in-law's, etc.).
 
True, but that's not exactly a long list:
  • iPad 2 (released 3-11-2011, discontinued 3-18-2014)
  • iPhone 4S (released 10-14-2011, discontinued 9-9-2014)
  • iPad, 3rd-gen (released 3-16-2012, discontinued 10-23-2012)
  • iPad Mini, 1st-gen (released 11-2-2012, discontinued 6-19-2015)
Well done -- I got lazy on this one. Yep, I've kept our iPad Mini 2.5 purchase back in 2006 and it's falling behind.
 
I know. It's sad that consumer electronics like these can't keep pace like PC hardware can (I mean, Sandy Bridge is just as old but those Core i5/i7 CPUs can still run 64-bit Windows 10 & modern applications/games nearly as well as the latest CPUs). Probably the whole "planned obsolescence" idea.
 