Project Zero: Over The Air: Exploiting Broadcom’s Wi-Fi Stack (Part 1)

A new vulnerability discovered by Project Zero affects tons of smartphones (iPhone, Nexus, Samsung S*). The attack proceeds silently over Wi-Fi: you wouldn’t see any indication that you have been hacked. For iPhone users, iOS 10.3.1 fixes this. Android users? Good luck.

In this two-part blog series, we’ll explore the exposed attack surface introduced by Broadcom’s Wi-Fi SoC on mobile devices. … The first blog post will focus on exploring the Wi-Fi SoC itself; we’ll discover and exploit vulnerabilities which will allow us to remotely gain code execution on the chip. In the second blog post, we’ll further elevate our privileges from the SoC into the operating system’s kernel. Chaining the two together, we’ll demonstrate full device takeover by Wi-Fi proximity alone, requiring no user interaction.

Source: Project Zero: Over The Air: Exploiting Broadcom’s Wi-Fi Stack (Part 1)