Vulnerability in Broadcom Wifi Chips might have affected SmartPhones.


The security vulnerability of wifi chips embedded in our smartphones, allowing them to access the internet and connect to other devices wirelessly, has been discovered until recently and may potentially allow hackers to hack into any billion of their iPhone or Android devices. Broadcom, the manufacturer of this wifi Chips that power every iPhone and Android smartphone, has been scrutinized since this discovery.

Thankfully, Google and Apple respectively patched the bug called Broadpwn. So consumers who may be affected will immediately upgrade their phones’ operating systems. For Android devices, this is the most recent security update in July, and the iOS 10.3.3 is also released for iPhone users in July.

The discovery of the current technology vulnerability by security analysts signals a change in hacking patterns. We say that because popular devices like iOS or Android application processors are hardened by comprehensive safety testing, hackers are searching for new avenues – like wifi chips – to exploit new security vulnerabilities.

Artenstein, a security expert at the recently concluded Black Hat Conference in Las Vegas, first exposed the Broadpwn vulnerability in-depth and demonstrated what a hacker could do with the Broadpwn bug by infecting a Samsung Galaxy with a worm, then affecting a second Galaxy Phone, without needing any kind of human intervention.

Thus all hackers must exploit the Broadpwn vulnerability and execute the malicious code “within the wifi range of the target.” The infected telephone becomes a rogue access point, which in effect infects neighbouring phones and spreads quickly from one system to another. The nature of the attack, which needs no human involvement, has also worried security experts.

A security expert Artenstein, who discovered the weakness in the Broadpwn region, began the reverse engineering process of Broadcom chips about a year ago and was unexpectedly helped when he stumbled on Github’s leak of source code. And as he sifted the code, in that section of the Broadcom code, he found a safety flaw that manages automatic contact between the phone and the access point. This security flaw was later referred to as Broadpwn.

He also states that the phone kernel – the cornerstone of its device – was better secured than its wifi controllers and other similar components from other third-party companies that do not entirely monitor Apple or Google code.

The landscape of the security threat changes every day. And the ‘next best thing for hackers’ could be targeting third-party components of smartphones. Fortunately, the vulnerability of Broadpwn remained invisible to the hacker community ‘s eyes. If it hadn’t been so, almost a billion devices could have been affected – one of the many reasons to keep your smartphone up-to-date all the time.

Mark Funk
Mark Funk is an experienced information security specialist who works with enterprises to mature and improve their enterprise security programs. Previously, he worked as a security news reporter.