LightBlog

vendredi 28 juillet 2017

WiFi Chipset Info Checks if Your Device is Vulnerable to BroadPwn

Android's monthly security update for July included patches for 138 issues with 18 of them being tagged with Remote Code Execution. These are the vulnerabilities that enable an attacker to execute some code remotely and is considered quite dangerous. One of these RCE vulnerabilities is actually a flaw in Broadcom's Wi-Fi code, which is used in a lot of Android devices. This vulnerability is come to be known as BroadPwn and a new application called WiFi Chipset Info will check to see if you're vulnerable to the attack.

The attack is quite complex but it's also very dangerous since it can remotely execute code on your device. For a full explanation, you can find the original article for it here. Essentially though, the vulnerability allows for an attacker to initiate malicious network packets to a device that is in WiFi range. With so many people using public hotspots at stores and restaurants, you can see why this is such a big deal. The malicious network packets target your WiFi hardware to trigger the bug without you even knowing.

Once the bug has been triggered, the attacker has the same programmatic powers as the Android operating system. Thankfully the bug is patched, but we all know how security updates are on Android devices these days. Thankfully, the exploit is so new that few people even know about it, and because it's so complex it is unlikely to become widespread anytime soon. However, the researcher who discovered has already presented their findings at the Black Hat 2017 conference in Las Vegas.

So this exploit is only able to take advantage of certain Broadcom wireless chips and you're likely wondering if your device is vulnerable. XDA Senior Member vndnguyen was kind enough to put together an application called WiFi Chipset Info that not only checks to see what WiFi chipset manufacturer your device uses, but also checks to see if you're vulnerable to the BroadPwn attack.


Check out WiFi Chipset Info in our Apps and Games forum



from xda-developers http://ift.tt/2vQqJnS
via IFTTT

Aucun commentaire:

Enregistrer un commentaire