Gal Beniamini, a Google Project Zero researcher, has found several critical vulnerabilities, including a remote code execution flaw, in Broadcom’s Wi-Fi system-on-chip (SoC). If exploited, they can allow attackers to compromise smartphones such as iPhone, Samsung, and Google Nexus devices.
Broadcom’s Wi-Fi chips are used in a number of well-known devices, so a vulnerability in them exposes millions of smartphones, including Samsung’s flagship Android smartphones, Google’s own Nexus 5, 6 and 6P, and iPhone devices starting from the iPhone 4.
Beniamini has published an 8,000-word blog post explaining the functionality and importance of the Broadcom Wi-Fi chipset and how these vulnerabilities can be used to carry out a remote code execution attack. The Google researcher is also working on the second part of his blog post, which will explain how privileges can be escalated from the SoC into the operating system’s kernel and will help demonstrate how an attacker within Wi-Fi range can take full control of a targeted device without user interaction.
The researcher also mentioned that Broadcom was quick to respond and fix the security flaws in the devices mentioned in his research. He further stated that Broadcom’s firmware lacks all basic exploit mitigations, including stack cookies, safe unlinking and access permission protection.
However, the good news is that, because of Beniamini’s findings, Samsung has released maintenance updates fixing the vulnerabilities on its own and Google products, Apple has issued an emergency update for iPhone users, and a number of Android flaws were patched in the March security updates.
At the time of publishing this article, Apple had not commented further. We are waiting for Beniamini’s next post, but remember to update your devices as soon as possible to avoid being targeted by malicious actors.