📱 BroadPwn - Millions of Devices with Broadcom WIFI can be hacked remotely (CVE-2017-9417) 📱

in #security7 years ago (edited)

BroadPwn. CVE-2017-9417


https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9417
https://nvd.nist.gov/vuln/detail/CVE-2017-9417

This critical vulnerbility in Broadcom's BCM43xx family of WiFi chipsets contains a vulnerability which if exploited would allow a remote attacker to remotely execute arbitrary code on Android devices with kernel privileges requiring no user interaction

This chip is in plenty of smartphones, mostly Andorid(HTC, LG, Nexus, Samsung) but some iphones

Android versions 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1.

https://thehackernews.com/2017/07/android-ios-broadcom-hacking.html
http://security.samsungmobile.com/smrupdate.html

In the Android Security Bulletin published on July 5th

https://source.android.com/security/bulletin/2017-07-01

Make sure you are on the latest security updates

Updates were rush out by Apple with an emergency patch for IOS and Google devices patched it in April 2017. Google wasn't as fast though to patch the rest of Andorid with numerous devices left exposed waiting.

Blackhat 2017 talk

This will all appear to be exposed at blackhat later this month, full details on Artenstein's talk.

https://www.blackhat.com/us-17/briefings/schedule/#broadpwn-remotely-compromising-android-and-ios-via-a-bug-in-broadcoms-wi-fi-chipsets-7603

Just make sure you are running the latest security patches.

follow me @shifty0g

Sort:  

Thats a really good (nasty) one. I'm fully patched but most people wont be as manufacturers are slow to release fixes. Wonder if it can be made into a worm.

Coin Marketplace

STEEM 0.20
TRX 0.26
JST 0.039
BTC 100104.47
ETH 3619.58
USDT 1.00
SBD 3.10