BroadPwn potentially expose to hack millions of Android devices using Broadcom Wi-Fi Chip

Google published the monthly security update for Android devices, it warned of a serious flaw, dubbed BroadPWN, in some Broadcom Wi-Fi chipsets that potentially impacts millions of Android devices, as well as some iPhone models.
BroadPwn is a critical remote code execution vulnerability, tracked as CVE-2017-3544, that affects the Broadcom BCM43xx family of WiFi chipsets. Remote attackers can trigger the flaw without user interaction to execute malicious code on vulnerable devices with kernel privileges.
“The most severe vulnerability in this section could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of an unprivileged process.,” reads the Google July 2017 Android Security Bulletin.
The BroadPwn issue was reported by the Exodus Intelligence expert Nitay Artenstein, he will present the analysis at the Next Black Hat 2017 conference.
 “Meet Broadpwn, a vulnerability in Broadcom’s Wi-Fi chipsets which affects millions of Android and iOS devices, and can be triggered remotely, without user interaction. The Broadcom BCM43xx family of Wi-Fi chips is found in an extraordinarily wide range of mobile devices – from various iPhone models, to HTC, LG, Nexus and practically the full range of Samsung flagship devices.
“In this talk, we’ll take a deep dive into the internals of the BCM4354, 4358 and 4359 Wi-Fi chipsets, and explore the workings of the mysterious, closed-source HNDRTE operating system. Then, we’ll plunge into the confusing universe of 802.11 standards in a quest to find promising attack surfaces.” states the abstract of the talk.
BroadPWN flaw
Google also patched 10 critical RCEs and more than 100 high and moderate issues. The company also fixed several critical flaws affecting the Android Mediaserver process, some of them could be exploited by a remote attacker to perform code execution.An input validation flaw in the libhevc library, tracked as CVE-2017-0540, can be exploited by using a specifically crafted file.
“A remote code execution vulnerability in libhevc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33966031.” reads the vulnerability description.
As usual, Google already issued security updates for Pixel and Nexus devices, but remaining Android devices will remain vulnerable until OEMs will fix the issues too.

via Blogger http://ift.tt/2trEuKJ http://ift.tt/2sNYsk6

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s