We all use wireless network; it makes internet surfing hassle-free and profitable. Usually, many of us leave Wi-Fi open throughout the day even at night. This could cause you lots of trouble if you haven’t updated your smartphone, particularly iPhones and Android devices manufactured by Google and Samsung.
According to research conducted by a specialist at Exodus Intelligence, hackers can exploit vulnerability present in widely used Wi-Fi chipsets manufactured by Broadcom to control your phone through a bug. This bug, dubbed as Broadpwn, allows them to hack into a smartphone remotely. This bug can infect smartphones made by Apple, Samsung, and Google. Broadpwn is regarded as an unstoppable malware as it leads to crashing your phone and then spreads the attack to other devices.
[irp posts=”52154″ name=”Apple issues iPhone software update after fake police ransomware scam”]
Nitay Artenstein explained his findings at the Black Hat security conference on Thursday. As per Artenstein, the vulnerability in chipset would let hackers use Wi-Fi to control your phone by writing on the chip directly. This would be possible if the hackers are in the Wi-Fi network’s range. The attack would be carried out through airwaves, and ultimately it results in crashing the device. All of this will be possible if the Wi-Fi is on, it is not necessary to be connected to the network.
Google and Apple have already patched this bug, so if you haven’t updated your device lately, the chances are that your smartphone is vulnerable to hack attack. Once infected with Broadpwn, your phone will become a rogue access point, which would then be used to infect other phones that come in the Wi-Fi connection’s range. This way, the infection will spread from one device to another. Artenstein refers to the bug as a WiFi worm.
According to Artenstein, this is an interesting and powerful vulnerability because it is a remote exploit, which means the victim doesn’t even have to commit a mistake to get his/her phone infected. The attacker, on the other hand, doesn’t need to identify the make and model of the targeted device before launching the attack. If the attackers want to cause more damage apart from crashing the device, a second vulnerability will be required.
At the conference in Las Vegas, Artenstein demonstrated proof-of-concept of the research by infecting Samsung Galaxy phone set with the bug and without any intervention, the infected device managed to spread the infection to another Samsung device.
“When I started working in this field, we had worms, self-propagating malware which could be run across the network. There were quite a few in the good old days. They died out, together with remote exploits: worms pretty much need them to propagate,” stated Artenstein.
“But Broadpwn is a perfect bug for this kind of thing. A pretty good location to make the first Wi-Fi worm and the first network worm in a few years,” claimed the Exodus researcher.