Broadcomm WiFi can be hacked on iPhone and several modern Android phones

A particularly worrisome smartphone vulnerability has been made public at the recent Black Hat Conference 2017 in Las Vegas. This bug is a reason for concern because of the sheer number of devices it affects — phones running Broadcom BCM43xx WiFi modules — a list which includes all models of the Apple iPhone 5 and newer, Google Nexus 5/6/6X/6P, Samsung Note 3, and Samsung Galaxy S3-S8.

When an infected device detects another using the compromised Broadcom chip, it utilizes a poorly written piece of code which allows data sent to the WiFi chip to overflow from its memory into other device memory where it can run as a command. Apple and Google were made aware of this security flaw before it was released to the public, and both have written patches that help stop the firmware flaw in the Broadcom chip from compromising the operating system. If your phone is running the latest version of iOS or has the July Android security patches, then you're protected.

Now Android's fragmentation problem shows again. Apple and Google have direct links to their phones, allowing them to patch any models affected, but adding a middleman in the process brings delays. We don't know if the older Galaxy phones will get the patch, or if other manufacturers have used the problematic Broadcom chips which might never update their phones. Problems like these and the way companies deal with them play a large part in whether security conscious people still buy third party phones, or if they shift their focus towards first party offerings.

Source(s)