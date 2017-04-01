Hacker News
Over the Air: Exploiting Broadcom’s Wi-Fi Stack (googleprojectzero.blogspot.com)
91 points by ivank 2 hours ago | 8 comments





This is one of the most serious and instructive pieces of technical security work we're likely to see this year. In case it hasn't sunk in:

- This vulnerability affects tons of smart phones (iPhone, Nexus, Samsung S*).
- The attack proceeds silently over WiFi -- you wouldn't see any indication you've been nailed.
- Mitigations and protections on WiFi embedded chips are weak.
- The second blog post will show how to fully commandeer the main phone processor by _hopping from the WiFi chip to the host_.

Imagine the havoc you could wreak by walking around a large city downtown, spewing out exploits to anyone who comes into WiFi range :-)

Do you know which iPhone versions are affected? Is the problem patchable?

https://support.apple.com/en-us/HT207688

iOS 10.3.1 patches this exploit.

https://support.apple.com/en-us/HT207688

Project Zero are seriously doing good work here. This attack can passively own a large portion of all modern smartphones if unpatched against these vulns.

Whoa! This is really impressive stuff, and will cause headaches in my day job where we develop a product using this WiFi SoC.

Can this vulnerability cause content-owners and DRM vendors to no longer allow such devices to decode 4K content? I'm thinking of, for example, PlayReady certification that may be withdrawn/downgraded because of this issue, but I'm fuzzy on the details of how this would work.

That is one of the most educative texts I've ever read on network hacking/security, cannot wait for the next part(s)!

For reference, here is the bug[0] that affected Apple that was discussed yesterday[1]. One commenter on that HN topic noticed that there was 1 other public bug about Broadcom wifi chips, though it was not the specific one that affected Apple.

This blog post points to 4 Project Zero bugs for different Broadcom issues.

[0] https://bugs.chromium.org/p/project-zero/issues/detail?id=10...

[1] https://news.ycombinator.com/item?id=14024971

