Unpatched Wi-Fi SoCs Leave iPhones and Android Phones Vulnerable to Hacker Hijacking
A recently discovered vulnerability in a Wi-Fi chipset could be exploited to take over devices without users’ knowledge. A Google researcher publicly disclosed the bug in a blog post this week, which accompanied news from both Apple and Google that they’re patching devices in response. In his post and as detailed by Ars Technica, Gal Beniamini demonstrates how he exploited a Wi-Fi SoC manufactured by Broadcom to execute malicious code by solely being within the same Wi-Fi range of the targeted phone. No user interaction is required. This attack is slightly terrifying because the chipset hardware is baked into lots of phones, including the Nexus 5, 6, and 6P, as well as most Samsung flagship devices and all iPhones since the iPhone 4.
On the bright side: Broadcom is being responsive to Beniamini and is working with him to mitigate the issue going forward. Apple also already patched the bug with the release of iOS 10.3.1 on Monday, and Google patched it in its April security release.
The bad news, however, is that although Google has issued a fix, lots of Android devices fall behind regular patching schedules. More often than not, individual manufacturers or carriers have to push Android updates out over the air. This doesn’t happen as frequently as it should, which leaves device owners to hope no one targets their device in between the time it gets updated and when the bug is publicly disclosed. The only way to definitely receive all Android security updates is by sticking with Google’s phones, like the Pixel, or potentially unlocked Samsung devices, as the company says it’ll issue monthly updates in the future.