Apple's iPhone 7 and Samsung's Galaxy S7 edge, along with several other devices that use Broadcom WiFi chips, are vulnerable to a security issue. The exploit enables hackers to remotely hijack the device and is considered a serious security risk. "The exploit gains code execution on the Wi-Fi firmware on the iPhone 7," Gal Beniamini, a Google Project Zero security team member, wrote.
"Upon successful execution of the exploit, a backdoor is inserted into the firmware, allowing remote read/write commands to be issued to the firmware via crafted action frames, thus allowing easy remote control over the Wi-Fi chip."
"The exploit has been tested against the Wi-Fi firmware as present on iOS 10.2 (14C92), but should work on all versions of iOS up to 10.3.3."
This latest Broadcom chip vulnerability is similar to Broadpwn, which was patched by Google and Apple in security updates released in July. It was then reported to the public in a talk at the Black Hat 2017 conference. The vulnerability received a score of 9.8 out of 10 on the US National Institute of Standards and Technology severity scale.
Broadpwn was said to have affected over a billion devices, and it would not be surprising if the latest Broadcom WiFi flaw affects a similar number of devices.
"Broadcom produces Wi-Fi HardMAC SoCs which are used to handle the PHY and MAC layer processing. These chips are present in both mobile devices and Wi-Fi routers, and are capable of handling many Wi-Fi related events without delegating to the host OS."
In the latest security issue, the first weakness, tracked as CVE-2017-11120, is an out-of-bounds write that attackers could have exploited by injecting a large value into one of the buffers to achieve arbitrary code execution. The second problem, tracked as CVE-2017-11121, enables remote code execution due to buffer overflows.
Patches for this WiFi bug "mostly" released across the industry
While the researcher verified the issue on the iPhone 7 and Galaxy S7 edge, the problem, introduced by the Broadcom WiFi chip, affects a huge range of devices, including Android and Apple phones and TVs. Both Apple and Google have now released patches for the issues. iOS 11, which brings a number of important security patches, also carries the fix for this WiFi vulnerability. tvOS has also been updated with the security patch.
Google released the patch earlier this month in its monthly security update, with the Android Security Bulletin 2017-09-05 patch level. However, it might take Samsung and other Google partners a little while before this patch is released to all the devices.