Apple yesterday made a number of security updates to its iOS mobile operating system, including a fix for a Wi-Fi chip vulnerability that could let hackers gain wireless access to iPhones and iPads.
The iOS 10.3.3 update addresses nearly four dozen security flaws, one of which, called "Broadpwn," lies in the Broadcom Wi-Fi chip used in many iPhones and Android devices. Google announced an Android fix for Broadpwn earlier this month. Apple's patch is available for the iPhone 5 and later, 4th-generation and later iPads, and the 6th-generation iPod touch.
The vulnerability could allow a remote actor to trigger a memory corruption error via Wi-Fi on a user's mobile device, according to details on Broadpwn from Security Tracker. That error could then enable the hacker to execute arbitrary code on the device without any actions by the user.
Chip Vulnerability on 'Millions' of Devices
Apple credits discovery of the Wi-Fi vulnerability to Nitay Artenstein, a security researcher with Exodus Intelligence. Artenstein is scheduled to discuss his findings later this month during a briefing at the Black Hat information security conference in Las Vegas.
"Remote exploits that compromise Android and iOS devices without user interaction have become an endangered species in recent years," Artenstein said in a description of his coming Black Hat presentation. "Such exploits present a unique challenge: Without access to the rich scripting environment of the browser, exploit developers have been having a hard time bypassing mitigations such as DEP and ASLR."
Rather than targeting a mobile device's operating system, though, Broadpwn takes aim at the Wi-Fi system on chip (SoC) that's used to handle a device's wireless connectivity. The vulnerability exists on "millions" of Android and iOS devices featuring the Broadcom SoC, Artenstein said.
"The Broadcom BCM43xx family of Wi-Fi chips is found in an extraordinarily wide range of mobile devices -- from various iPhone models, to HTC, LG, Nexus and practically the full range of Samsung flagship devices," he noted.
'Critical' Vulnerability, Easy To Deploy
In its July 5 Android Security Bulletin, Google described the severity of the Broadcom vulnerability as "critical." The U.S. Computer Security Resource Center's National Vulnerability Database, which published details about the vulnerability early last month, noted that taking advantage of the security flaw was not complex.
Wi-Fi SoCs are designed to handle a broad range of processing tasks related to wireless networking, Google security researcher Gal Beniamini wrote in an April blog post for Project Zero, Google's research program aimed at finding zero-day exploits. While such SoCs help to reduce power consumption and free up mobile device operating systems to focus on other tasks, they come with a cost, he added.
"Introducing these new pieces of hardware, running proprietary and complex code bases, may weaken the overall security of the devices and introduce vulnerabilities which could compromise the entire system," Beniamini said, adding that Broadcom's Wi-Fi SoCs are the most common Wi-Fi chipsets used on mobile devices.
Beniamini noted that Broadcom has said newer versions of its Wi-Fi SoC use a memory protection unit, "along with several additional hardware security mechanisms." He called such improvements "a step in the right direction."