Monday, 31 July 2017

On 00:12 by admin   No comments
A particularly worrisome smartphone vulnerability has been made public at the recent Black Hat Conference 2017 in Las Vegas. This bug is a reason for concern because of the sheer number of devices it affects — phones running Broadcom BCM43xx WiFi modules — a list which includes all models of the Apple iPhone 5 and newer, Google Nexus 5/6/6X/6P, Samsung Note 3, and Samsung Galaxy S3-S8.

When an infected device detects another using the compromised Broadcom chip, it utilizes a poorly written piece of code which allows data sent to the WiFi chip to overflow from its memory into other device memory where it can run as a command. Apple and Google were made aware of this security flaw before it was released to the public, and both have written patches that help stop the firmware flaw in the Broadcom chip from compromising the operating system. If your phone is running the latest version of iOS or has the July Android security patches, then you're protected.

Now Android's fragmentation problem shows again. Apple and Google have direct links to their phones, allowing them to patch any models affected, but adding a middleman in the process brings delays. Will the older Galaxy phones get the update? Are there other device manufacturers who have used the problematic Broadcom chips which will never bother pushing the patch? Is this just another issue that drives people away from third party phones and towards first party offerings?


Post a comment