Short Bytes: An exploit was discovered by the Google Project Zero team in Broadcom WiFi chips used in various iPhone models and Android smartphones from various makers. The vulnerability could allow a hacker in close proximity to gain full control of the target device. Security fixes have been released by Apple; the other makers would follow soon with their fixes.
The Google Project Zero team is known to disclose fatty bugs and vulnerabilities affecting an uncountable number of users. Their latest revelation also deals with the security of millions of smartphone users, both Android and iOS.
A well-explained post by Gal Beniamini, a Project Zero researcher, throws light on the vulnerabilities in the Broadcom WiFi chips used in various Android and iPhone models.
If exploited, it could allow a hacker in the vicinity to take control of the affected devices without any user interaction. In fact, the user won’t know at all if an evil-minded person connected to the same network quietly trespasses into the device.
Google’s Nexus 6P running Android 7.1.1 was used to demonstrate remote code execution exploit over WiFi. However, the same could be done on various other devices featuring the Broadcom WiFi chips. The list includes Nexus, 6, Nexus 6, Nexus 6P, iPhone 4 (and above), many Samsung flagship devices.
According to April’s Android Security Bulletin, the exploit has been fixed. Google Project Zero team notified Broadcom and the company is working with manufacturers to push security fixes to the affected devices. Apple has released the security fix as a part of the iOS 10.3.1 update.
If you have something to add, drop your thoughts and feedback.
