{"id":978,"date":"2017-04-05T13:37:43","date_gmt":"2017-04-05T05:37:43","guid":{"rendered":"https:\/\/tongwing.woon.sg\/blog\/?p=978"},"modified":"2017-04-07T13:51:04","modified_gmt":"2017-04-07T05:51:04","slug":"project-zero-over-the-air-exploiting-broadcoms-wi-fi-stack-part-1","status":"publish","type":"post","link":"https:\/\/tongwing.woon.sg\/blog\/project-zero-over-the-air-exploiting-broadcoms-wi-fi-stack-part-1\/","title":{"rendered":"Project Zero: Over The Air: Exploiting Broadcom\u2019s Wi-Fi Stack (Part 1)"},"content":{"rendered":"<p>A new vulnerability discovered by Project Zero affects tons of smart phones (iPhone, Nexus, Samsung S*). The attack proceeds silently over WiFi &#8211; you wouldn&#8217;t see any indication you have been hacked. For iPhone users, iOS 10.3.1 fixes this. Android users? <a href=\"https:\/\/arstechnica.com\/security\/2017\/04\/wide-range-of-android-phones-vulnerable-to-device-hijacks-over-wi-fi\/\">Good luck.<\/a><\/p>\n<p><a href=\"https:\/\/googleprojectzero.blogspot.sg\/2017\/04\/over-air-exploiting-broadcoms-wi-fi_4.html\"><img decoding=\"async\" class=\"alignnone size-full\" src=\"https:\/\/lh5.googleusercontent.com\/W1TY1wagZMdeMIE6svCyqHmC56aJorS6WzjKrkUYPRKiYc2LkRBz-X0mhpT270HIo1G1NsSdMNf2gm9DdzvEXnoJxFTFkrTVET-SKRWXTnet-kyZSOLk5p-GP3j4pWtXDCDPbRqh\" alt=\"\" \/><\/a><\/p>\n<blockquote><p>In this two-part blog series, we\u2019ll explore the exposed attack surface introduced by Broadcom\u2019s Wi-Fi SoC on mobile devices. &#8230; The first blog post will focus on exploring the Wi-Fi SoC itself; we\u2019ll discover and exploit vulnerabilities which will allow us to remotely gain code execution on the chip. In the second blog post, we\u2019ll further elevate our privileges from the SoC into the the operating system\u2019s kernel. Chaining the two together, we\u2019ll demonstrate full device takeover by Wi-Fi proximity alone, requiring no user interaction.<\/p><\/blockquote>\n<p>Source: <em><a href=\"https:\/\/googleprojectzero.blogspot.sg\/2017\/04\/over-air-exploiting-broadcoms-wi-fi_4.html\">Project Zero: Over The Air: Exploiting Broadcom\u2019s Wi-Fi Stack (Part 1)<\/a><\/em><\/p>\n","protected":false},"excerpt":{"rendered":"<p>A new vulnerability discovered by Project Zero affects tons of smart phones (iPhone, Nexus, Samsung S*). The attack proceeds silently over WiFi &#8211; you wouldn&#8217;t see any indication you have been hacked. For iPhone users, iOS 10.3.1 fixes this. Android users? Good luck. In this two-part blog series, we\u2019ll explore the exposed attack surface introduced [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[10],"tags":[],"_links":{"self":[{"href":"https:\/\/tongwing.woon.sg\/blog\/wp-json\/wp\/v2\/posts\/978"}],"collection":[{"href":"https:\/\/tongwing.woon.sg\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/tongwing.woon.sg\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/tongwing.woon.sg\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/tongwing.woon.sg\/blog\/wp-json\/wp\/v2\/comments?post=978"}],"version-history":[{"count":7,"href":"https:\/\/tongwing.woon.sg\/blog\/wp-json\/wp\/v2\/posts\/978\/revisions"}],"predecessor-version":[{"id":988,"href":"https:\/\/tongwing.woon.sg\/blog\/wp-json\/wp\/v2\/posts\/978\/revisions\/988"}],"wp:attachment":[{"href":"https:\/\/tongwing.woon.sg\/blog\/wp-json\/wp\/v2\/media?parent=978"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/tongwing.woon.sg\/blog\/wp-json\/wp\/v2\/categories?post=978"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/tongwing.woon.sg\/blog\/wp-json\/wp\/v2\/tags?post=978"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}