
Google Researcher Publishes PoC Exploit for Apple iPhone Wi-Fi Chip Hack

You now have another good reason to update your iPhone to the newly released iOS 11: a security vulnerability in iOS 10 and earlier now has a working exploit publicly available.

Gal Beniamini, a security researcher with Google Project Zero, has discovered a security vulnerability (CVE-2017-11120) in Apple's iPhone and other devices that use Broadcom Wi-Fi chips, and it is hell easy to exploit.

This flaw is similar to the one Beniamini discovered in the Broadcom WiFi SoC (System-on-Chip) back in April, and to the BroadPwn vulnerability disclosed by Exodus Intelligence researcher Nitay Artenstein earlier this summer. All of these flaws allow a remote takeover of smartphones over local Wi-Fi networks.

The newly discovered vulnerability, which Apple fixed with its major iOS update released on September 19, could allow hackers to take control over the victim's iPhone remotely. All they need is the iPhone's MAC address or network-port ID.

And since obtaining the MAC address of a connected device is easy, the vulnerability is considered a serious threat to iPhone users.

Beniamini informed WiFi chip maker Broadcom and privately reported this vulnerability in Google's Chromium bug-reporting system on August 23.

Now, following the iOS 11 release, Beniamini published a proof-of-concept (PoC) exploit for the flaw to demonstrate the risks this flaw could pose to iPhone users.

Beniamini says the flaw exists on Broadcom chips running firmware version BCM4355C0, which is not only used by iPhones but also used by a large number of other devices, including Android smartphones, the Apple TV and smart TVs.

Once his exploit executes, Beniamini was able to insert a backdoor into the Broadcom chip's firmware, which allowed him to remotely read and write commands to the firmware, "thus allowing easy remote control over the Wi-Fi chip."

Once all done, "you can interact with the backdoor to gain R/W access to the firmware by calling the "read_dword" and "write_dword" functions, respectively."

The researcher tested his exploit only against the Wi-Fi firmware in iOS 10.2 but believes the exploit should also work on all versions of iOS up to 10.3.3.

"However, some symbols might need to be adjusted for different versions of iOS, see 'exploit/symbols.py' for more information," Beniamini writes.

Since there is no way to find out if your device is running the firmware version BCM4355C0, users are advised to update iPhones to iOS 11. Apple has also patched the issue in the most recent version of tvOS.

Also, Google has addressed this issue on Nexus and Pixel devices, as well as Android devices, earlier this month. However, Android users are required to wait for their handset manufacturers to push out the updates on their devices.