• Articles
    • Editorial Articles
    • Research Articles
    • WatchGuard Articles
  • The 443 Podcast
  • Threat Landscape
  • About
    • About Us
    • Contact Us
    • Contribute to Secplicity

Secplicity - Security Simplified

Powered by WatchGuard Technologies

Broadcom Wi-Fi SoC Vulnerability – Daily Security Byte

April 4, 2017 By Corey Nachreiner

Yesterday, Apple released an emergency update for iOS devices, fixing a critical code execution vulnerability in the Wi-Fi chip that ships with iPhones and iPads. Today, we learned that this vulnerability actually affects all devices that using a particular Broadcom Wi-Fi chip. If an attacker can get within wireless range of affected devices, he could exploit this flaw to execute arbitrary code on the device. Watch today’s video for a quick summary of the issue, and if you’re and iOS user, upgrade immediately.

Episode Runtime: 2:26

Direct YouTube Link: https://www.youtube.com/watch?v=BK-m93Fpr6E

EPISODE REFERENCES:

  • Apple releases emergency iOS update from Broadcom flaw – Apple
  • Broadcom Wi-Fi chip vulnerability affects many mobile devices and tablets – The Register
  • Google researchers detail vulnerabilities in Broadcom’s Wi-Fi SoC – Blogspot

Corey Nachreiner, CISSP (@SecAdept)

Share This:

Related

Filed Under: Security Bytes Tagged With: Software vulnerabilities

Comments

  1. Vicky Ames says

    April 27, 2017 at 7:00 am

    Hi Corey could you expand on what you mean by “within wireless range”? Does this mean an attack can be successful if the wireless device is simply near an attacker’s device without being connected to a wireless network? If so can you guide us through such a scenario? Thanks!

    Reply
    • Corey Nachreiner says

      April 27, 2017 at 10:33 am

      Vicky, The Google researcher actually found a number of vulnerabilities in the Broadcom chip set, you can see them all here:

      https://bugs.chromium.org/p/project-zero/issues/list?can=1&q=HardMAC

      But in a nutshell, many of the “components” being targeted are only accessible after you have joined a wireless network. I haven’t looked at every issue, but–beyond being within range–you do have to be associated with the same Wi-Fi network as the victim to exploit these. That said, with things like the Karma attack, you might be surprise how easily hackers can trick your device into joining a network they manage, without you knowing.

      Good question.

      Reply

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

The 443 Podcast

A weekly podcast featuring the leading white-hat hackers and security researchers. Listen Now
the 443 podcast

Threat Landscape

Filter and view Firebox Feed data by type of attack, region, country, and date range. View Now
threat landscape

Top Posts

  • Cybersecurity News: Free Cybersecurity Training, TrickBot Group Exposed, Major GoDaddy Breach, and Russia to Legalize cybercrime?!
  • US National Cybersecurity Strategy
  • Here Come The Regulations
  • Cybersecurity’s Toll on Mental Health

Email Newsletter

Sign up to get the latest security news and threat analysis delivered straight to your inbox

By signing up you agree to our Privacy Policy.


The views and opinions expressed on this website are those of the authors and do not necessarily reflect the policy or position of WatchGuard Technologies.

Stay in Touch

Recent Posts

  • Cybersecurity News: LastPass Incident Revealed, White House Issues Cybersecurity Strategy, FBI Purchases Leaked USHOR PII Data, and a Slew of Other Breaches
  • An Update on Section 230
  • Here Come The Regulations
  • US National Cybersecurity Strategy
  • Cybersecurity News: Free Cybersecurity Training, TrickBot Group Exposed, Major GoDaddy Breach, and Russia to Legalize cybercrime?!
View All

Search

Archives

Copyright © 2023 WatchGuard Technologies · Cookie Policy · Privacy Policy · Terms of Use