Nefarious Wi-Fi
It was recently disclosed that iOS and Android devices can be compromised by an attacker operating a nefarious Wi-Fi network within range of the device, with no action by the user. The vulnerabilities are not in iOS or Android themselves but in the firmware running on the Broadcom Wi-Fi SoC that many of those devices use: by sending crafted Wi-Fi frames, an attacker in range can gain code execution on the Wi-Fi chip and then pivot from the chip into the host operating system. As far as we know, devices with these Broadcom Wi-Fi SoCs have so far only been exploited by security researchers.
What’s particularly disturbing about this is that the unsuspecting user doesn’t need to do anything: there is no link to click and no app to install. Simply being within range of a nefarious Wi-Fi network is enough.
All of the findings were reported to Broadcom, which has been quickly addressing the vulnerabilities and shipping fixed firmware to the device vendors that use its chips. Left unfixed, the bugs would let an attacker use the same method the researchers used to run malicious code on the device.
The Fix
Apple’s iOS 10.3.1 release already addresses this issue, so iOS users should update. Because Android fixes have to travel from Broadcom through Google’s monthly Android security updates and then through each device vendor, it will take a while longer to plug the holes on Android. Until a patched build reaches a given device, an unpatched Android device can be protected by simply turning off Wi-Fi: the attack is delivered over the air to the Wi-Fi chip, so a disabled radio gives it nothing to talk to.
A very detailed blog post on the Project Zero blog thoroughly explains and illustrates this vulnerability. Here’s a quote.
“In this two-part blog series, we’ll explore the exposed attack surface introduced by Broadcom’s Wi-Fi SoC on mobile devices. Specifically, we’ll focus our attention on devices running Android, although a vast amount of this research applies to other systems including the same Wi-Fi SoCs. The first blog post will focus on exploring the Wi-Fi SoC itself; we’ll discover and exploit vulnerabilities which will allow us to remotely gain code execution on the chip. In the second blog post, we’ll further elevate our privileges from the SoC into the operating system’s kernel. Chaining the two together, we’ll demonstrate full device takeover by Wi-Fi proximity alone, requiring no user interaction.”
You can read the entire article, “Over The Air: Exploiting Broadcom’s Wi-Fi Stack”, on the Project Zero blog.