Owners of Android and iOS devices should pay special attention to security updates released by Google and Apple on Monday, as they contain fixes for a series of critical bugs affecting their phones’ WiFi component.
The issues, discovered by Google Project Zero security researcher Gal Beniamini, affect the Broadcom WiFi SoC (System on Chip), which is included in many Android and iOS smartphones, and for which both Google and Apple ship custom firmware with their OS.
Bugs allow remote hacking of Android and iOS devices
According to Beniamini, a stack buffer overflow vulnerability in the Broadcom firmware code allows an attacker in the phone’s WiFi range to send and execute code on the device.
Depending on the attacker’s skills, he can deploy code that takes over the user’s device and installs applications such as adware, banking trojans, or ransomware without the user’s knowledge.
The possible ways in which these bugs can be leveraged range from evil WiFi spots to wardriving scenarios.
Both companies addressed the issue with updates released on Monday, with Apple releasing iOS 10.3.1, and Google delivering updates via its Android Security Bulletin for April 2017.
Beniamini described his findings, in the context of attacking a fully-patched Nexus 6P Android device, in a blog post published today.
Broadcom needed four months to patch all issues
The iOS and Android RCE attacks are two of ten flaws Beniamini discovered in Broadcom’s WiFi SoC firmware.
None of these flaws were in the Android and iOS operating systems per se, but in the source code of the Broadcom firmware. Both OS makers had to wait for over four months until the chip maker finally managed to fix all flaws.
These security bugs were particularly difficult, in both number and complexity, as Broadcom asked Beniamini for an extension to Project Zero’s 90-day public disclosure policy so they could finish the patching process.