Google and Apple release updates to patch up Wi-Fi vulnerabilities
If you have not updated your Android, iOS or Nexus device just yet, it is high time you do it because Gal Beniamini from Google’s Project Zero [1] has found some serious vulnerabilities that simply cannot be left unattended. All in all, the security researcher’s bug report includes 10 critical issues related to the Broadcom’s WiFi chips [2]. This particular firmware component comes integrated within most Google and iOS devices by default and is responsible for handling wireless networking functions within the device. What the researcher has found is that Broadcom’s SoCs (Software on Chip) are easily hackable by leveraging stack buffer overflow [3] vulnerability. This essentially opens a gateway for the attackers to deploy malicious codes on the victims’ devices and remotely execute them. This is possible as long as both perpetrator and the victim are connected to the same WiFi network, be it a public WiFi hotspot or even your home network — weak passwords are not difficult to crack [4].
Needless to say, such security flaw can be exploited for countless evil purposes. Installation of adware or useless apps in order to generate ad revenue is probably the best scenario you can expect. On a grimmer note, the hackers may not miss a chance to benefit some more with the help of ransomware or banking Trojans [5]. Unlike the typical practices where ransomware, for instance, Android Defender or Police ransomware must be downloaded on the device by the victims themselves, WiFi hacking enables malware transfer without any user interaction. Luckily, these flaws have now been fixed, though it took Broadcom four months to do it.
Android and iOS updates have been released earlier this week, so we urge everyone to go and check whether your device has already received the latest security patch. Also, we should emphasize that you should not rely on your software providers to always be there to protect your privacy and personal data. You must take initiative yourself. You can start by choosing a strong password for your home WiFi, installing antivirus software on your device to warn you against potentially dangerous WiFi networks, and keeping backups of your sensitive data.
Lucia is a News Editor for 2spyware. She has a long experience working in malware and technology fields.
- ^ Project Zero. GoogleProjectZero. News and updates from the Project Zero team at Google.
- ^ Gabriela Vatu. Wi-Fi chip in iPhones, Samsung & Nexus phones, vulnerable to over-the-air hack. Softpedia. Latest News & Reviews by Softpedia.
- ^ Gal Beniamini. Over the air: exploiting Broadcom’s Wi-Fi stack (Part 1). GoogleProjectZero. News and updates from the Project Zero team at Google.
- ^ John Ciarlone. Why keeping your WiFi network secure is important. HummingbirdNetworks. The Network Equipment Solutions Blog .
- ^ Mobile banking Trojans, explained. KasperskyLab. The Official Blog from Kaspersky Lab.
