Broadcom chip bug opened 1 billion phones to a Wi-Fi-hopping worm attack

Image credit: Cheon Fong Liew

LAS VEGAS—It’s not often that a security researcher devises a self-replicating attack that, with no user interaction, threatens 1 billion smartphones. But that’s just what Nitay Artenstein of Exodus Intelligence did in a feat that affected both iOS and Android devices.

At the Black Hat security conference, Artenstein demonstrated proof-of-concept attack code that exploited a vulnerability in Wi-Fi chips manufactured by Broadcom. It fills the airwaves with probes that request connections to nearby computing devices. When the specially devised requests reach a device using the BCM43xx family of Wi-Fi chipsets, the attack rewrites the firmware that controls the chip. The compromised chip then sends the same malicious packets to other vulnerable devices, setting off a potential chain reaction. Until Google and Apple issued patches, in early July and last week respectively, an estimated 1 billion devices were vulnerable to the attack. Artenstein has dubbed the worm “Broadpwn.”

Although the flaw is now closed, the hack has important lessons as engineers continue their quest to secure mobile phones and other computing devices. Security protections such as address space layout randomization and data execution prevention have now become standard parts of operating systems and apps. As a result, attackers have to work hard to exploit buffer overflows and other types of software vulnerabilities. That extra work largely makes self-replicating worms impossible. Artenstein’s exploit, however, suggests that such worms are by no means impossible.


Ars Technica

Post Author: martin
