Turning off Wi-Fi before leaving home and office helps. Apparently few people do that. A customer in the tracking industry (beacons estimating people in stores) told me that about 80% leave Wi-Fi always on.
I hope I'll get that patch soon. The last update for my Sony phone was the security update of May. Nothing on June. I guess that most Androids didn't and won't get anything.
which means 20% don't, which is suspiciously high considering how much of a hassle it is to turn wifi on/off. then again, they could have unlimited data on their phones.
It's not a hassle at all. Pull down the notification shade, touch the wifi icon.
Developer preview 3 of Android O includes a great option in WiFi settings to automatically turn WiFi back on when you are in a location where you've connected to a 'high quality' WiFi network before (such as home or work), though I've not dug deep enough to find out what constitutes high quality, and it doesn't appear to be paired with a converse option to turn it off elsewhere.
A personal experience from me (anecdotal)... I was using Wifi from my cable provider that is available all over town. But that means when going into town, I am jumping from one accesspoint to another, sometimes with good and bad connections. My experience was that a battery charge didn't last that long. Disabling that accesspoint on my phone made the batterycharge last much longer.
It would be great if there were a published list of exactly which devices are vulnerable, or a way to check your device for whether this part was present. Is there anything like 'adb shell lspci' I could run to find out whether my devices have the broadcom parts? I know my Nexus 5x has a QCOM SoC, so I assume it lacks broadcom WiFi. But the rest of the family's devices -- what of those?
iFixit is nice, but it is not an answer to the request made by GP (an answer to which would be useful).
If you are looking for details directly from the device there are various commands to get info like dmesg, getprop. There are other ways (recommended if you have time and patience), like going into /sys/devices, but I really believe it is very common to have same parts for a single mobile device (I think Apple did it because of production problems)
> In its security bulletin, Google rated Broadpwn as a "medium" severity issue, meaning the company doesn't view it as a dangerous vulnerability, such as Stagefright.
> Users that didn't receive this month's Android security patch should only connect to trusted Wi-Fi networks and disable any "Wi-Fi auto-connect" feature, if using one.
What is the point of the second statement?
*I am definitely not deeply familiar with WME.
Broadpwn is another serious Broadcom WiFi security bug, different from the bugs patched when Google Project Zero revealed their research in April.
We will know a lot more after @nitayart presents at BlackHat.
That slightly contradicts the headline.
Given apples history with wifi exploits there is a reasonable chance they are vulnerable.