Broadpwn: The Mobile Exploit for Android and iPhones

I’m willing to bet that you possess at least one device that’s either an iPhone or an Android phone. If my statement doesn’t apply to you, you’re definitely in a very small minority. If it does, you should be concerned about this recently discovered exploit.

We can thank security researcher Nitay Artenstein for his discovery, which he presented at Black Hat USA 2017 on July 27. He discovered a bug, which he named Broadpwn, affecting Broadcom Wifi chipsets which appear in iPhones and Android phones under the Samsung Galaxy, HTC, LG, and Nexus brands.

Malware can target the vulnerabilities in the Wifi chips themselves without much interaction with a phone’s operating system, highlighting the cross-platform nature of the exploit. Make sure your device has either been updated to iOS 10.3.3, or has been updated with Android’s recent security patch, which was released on July 5 in order to protect yourself against this latest exploit.

How It Works

If a user’s device is attacked through the Broadpwn exploit, they won’t know about it. Their device won’t crash or reboot, and it will continue to behave normally as far as a user can determine. The user is unlikely to find any malicious files related to the exploit on their device, and they certainly won’t see any new apps or any changes in their settings.

Broadpwn silently enables malicious attackers to take over a target’s iPhone or Android phone in the same way carbon monoxide can kill while having an unnoticeable presence. That’s why my home and office has a carbon monoxide detector, and that’s also why you should apply the most recent security patches to your phone as soon as possible.

Artenstein says that as time moves on, smartphone cyberattackers may focus less on specific operating systems like (Read more...)

This is a Security Bloggers Network syndicated blog post authored by Kim Crawley. Read the original post at: Cylance Blog