Nitay Artenstein has recently found and patched a bug in the chips that provide wifi in popular smartphone devices, discovering that they could be used to build malware capable of jumping from device to device without the possibility of being stopped.
It is highly recommended that affected users (of iPhones, Samsung Galaxies or Google Nexus devices) update their operating systems as soon as possible, either to iOS 10.3.3, which was released on July 20th, or to this month's security update for Android, both of which contain fixes for the flaw.
The bug is named Broadpwn and was revealed for the first time this Thursday at the Black Hat information security conference in Las Vegas. It works by taking advantage of several specific flaws in wifi chips made by Broadcom, which then lets a hacker write programs directly onto a chip and take control of it.
Artenstein explained that this vulnerability is particularly interesting and powerful due to its rare status as a truly remote exploit. In simpler words – as a victim, you don’t have to do anything to get infected, the hacker doesn’t have to know anything about your device, and your device’s system can be taken over without crashing.
Artenstein, who works for the infosec firm Exodus Intelligence, showed on stage how a hacker could use the bug – he infected a Samsung Galaxy with his custom “worm” and then watched as the Galaxy phone went on to infect another Samsung phone, with no intervention from Artenstein required.
When Artenstein started working in his field, there were worms, self-propagating malware that could run across the network, he explained. There were quite a few of them back in the day, but they have since died out, along with the remote exploits that were necessary for propagation.
But Broadpwn is a perfect bug for this kind of thing, Artenstein believes, adding that it is a good location to make the first wifi worm and the first network worm in a few years.
A well-made wifi worm could spread almost like a real virus, needing only that two vulnerable devices be in close proximity to each other for the worm to jump from one to the other. But even before companies fixed the vulnerability in software updates, the bug in question had its limitations, the main one being that it couldn’t make the leap from the wifi chip’s firmware to the actual device.
A second vulnerability would be necessary for the bug to do any damage besides breaking the wifi of the users affected. So, for now, there is still no need to panic about the comeback of the worms.