BroadPwn potentially expose to hack millions of Android devices using Broadcom Wi-Fi Chip

Pierluigi Paganini July 07, 2017

Google warned of a serious flaw dubbed BroadPwn in some Broadcom Wi-Fi chipsets that potentially impacts millions of Android devices.

Google published the monthly security update for Android devices, it warned of a serious flaw, dubbed BroadPWN, in some Broadcom Wi-Fi chipsets that potentially impacts millions of Android devices, as well as some iPhone models.

BroadPwn is a critical remote code execution vulnerability, tracked as CVE-2017-3544, that affects the Broadcom BCM43xx family of WiFi chipsets. Remote attackers can trigger the flaw without user interaction to execute malicious code on vulnerable devices with kernel privileges.

“The most severe vulnerability in this section could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of an unprivileged process.,” reads the Google July 2017 Android Security Bulletin.

The BroadPwn issue was reported by the Exodus Intelligence expert Nitay Artenstein, he will present the analysis at the Next Black Hat 2017 conference.

 “Meet Broadpwn, a vulnerability in Broadcom’s Wi-Fi chipsets which affects millions of Android and iOS devices, and can be triggered remotely, without user interaction. The Broadcom BCM43xx family of Wi-Fi chips is found in an extraordinarily wide range of mobile devices – from various iPhone models, to HTC, LG, Nexus and practically the full range of Samsung flagship devices.

“In this talk, we’ll take a deep dive into the internals of the BCM4354, 4358 and 4359 Wi-Fi chipsets, and explore the workings of the mysterious, closed-source HNDRTE operating system. Then, we’ll plunge into the confusing universe of 802.11 standards in a quest to find promising attack surfaces.” states the abstract of the talk.

BroadPWN flaw

Google also patched 10 critical RCEs and more than 100 high and moderate issues. The company also fixed several critical flaws affecting the Android Mediaserver process, some of them could be exploited by a remote attacker to perform code execution.An input validation flaw in the libhevc library, tracked as CVE-2017-0540, can be exploited by using a specifically crafted file.

“A remote code execution vulnerability in libhevc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33966031.” reads the vulnerability description.

As usual, Google already issued security updates for Pixel and Nexus devices, but remaining Android devices will remain vulnerable until OEMs will fix the issues too.

[adrotate banner=”9″]

Pierluigi Paganini 

(Security Affairs – BroadPWN, hacking)

[adrotate banner=”13″]

you might also like

leave a comment