382 Computer Security Blog

[382] Broadcom

There were two articles of particular interest to me this week, but in the interest of brevity I felt I should focus on just one. So instead of looking at the CIA toolkit used to infect Windows machines (which is nonetheless very worth reading!), I will be looking at how a vulnerability in the Broadcom Wi-Fi chips used in Android devices allows for device takeovers.

…And it ain't pretty. The specific vulnerability is complicated: a malformed Wi-Fi frame overflows a buffer in the firmware running on the Broadcom chip, which gives the attacker code execution on the chip itself, and from there the chip can write into the device's main memory directly. In theory, this allows for completely arbitrary code execution on the phone. Worse, it can be triggered simply by being within Wi-Fi range of a malicious access point, with no interaction from the user.

Notably, the Broadcom firmware makes almost no use of the hardware memory-protection features available to it. The chip's ARM Cortex-R4 core has an MPU (memory protection unit) rather than a full MMU, and, used correctly, an MPU can mark regions of memory as non-writable or non-executable. The Broadcom firmware instead leaves its whole address space readable, writable and executable, so an overflow that overwrites a return address can jump straight into attacker-supplied bytes.
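To make the two points above concrete, here is an added example of the bug class and why a flat, fully writable memory makes it so dangerous. This is illustrative code written for this post, not Broadcom's firmware or Project Zero's exploit; the memory layout (a 32-byte buffer followed immediately by a saved return address), the hypothetical return address 0x00011234, and the 802.11-style "[id][len][data]" element format are all assumptions. The chip's memory is modelled as one flat byte array, because, as above, nothing on the chip separates data from control-flow data or marks either as non-executable.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simulated flat firmware memory (constructed layout, not Broadcom's). */
#define MEM_SIZE     256
#define BUF_OFF      64                    /* fixed-size element buffer lives here */
#define BUF_SIZE     32
#define SAVED_LR_OFF (BUF_OFF + BUF_SIZE)  /* control-flow data sits right after it */
#define LEGIT_LR     0x00011234u           /* hypothetical legitimate return address */

struct fw_mem { uint8_t bytes[MEM_SIZE]; };

/* Reset the model: zero memory and plant the legitimate saved return address. */
static void fw_mem_init(struct fw_mem *m) {
    uint32_t lr = LEGIT_LR;
    memset(m->bytes, 0, sizeof m->bytes);
    memcpy(&m->bytes[SAVED_LR_OFF], &lr, sizeof lr);
}

/* Read back whatever currently occupies the saved-return-address slot. */
static uint32_t fw_saved_lr(const struct fw_mem *m) {
    uint32_t lr;
    memcpy(&lr, &m->bytes[SAVED_LR_OFF], sizeof lr);
    return lr;
}

/* Build an information element [id][len][len bytes of fill] into out.
 * Returns the total element size, or 0 if out is too small. */
static size_t make_ie(uint8_t *out, size_t cap, uint8_t id, uint8_t len, uint8_t fill) {
    if (cap < 2u + len) return 0;
    out[0] = id;
    out[1] = len;
    memset(out + 2, fill, len);
    return 2u + len;
}

/* Vulnerable pattern: trusts the attacker-controlled len byte and checks only
 * that the element fits in the received frame, never that it fits in the
 * destination buffer. Returns bytes copied, or -1 on a truncated frame. */
static int copy_ie_vulnerable(struct fw_mem *m, const uint8_t *frame, size_t frame_len) {
    if (frame_len < 2) return -1;
    uint8_t len = frame[1];
    if (frame_len < 2u + len) return -1;
    size_t n = len;
    /* Clamp to the model's array so this demo stays well-defined; real
     * firmware has no such guard and simply keeps writing past the buffer. */
    if (BUF_OFF + n > MEM_SIZE) n = MEM_SIZE - BUF_OFF;
    memcpy(&m->bytes[BUF_OFF], frame + 2, n);
    return (int)len;
}

/* Hardened form: the same parser with the missing destination-size check. */
static int copy_ie_hardened(struct fw_mem *m, const uint8_t *frame, size_t frame_len) {
    if (frame_len < 2) return -1;
    uint8_t len = frame[1];
    if (frame_len < 2u + len) return -1;
    if (len > BUF_SIZE) return -1;           /* reject over-long elements */
    memcpy(&m->bytes[BUF_OFF], frame + 2, len);
    return (int)len;
}

int main(void) {
    struct fw_mem m;
    uint8_t benign[64], evil[64];
    size_t blen = make_ie(benign, sizeof benign, 0xdd, 8, 'B');
    /* 40 bytes of 'A' overruns the 32-byte buffer and lands on the saved LR. */
    size_t elen = make_ie(evil, sizeof evil, 0xdd, 40, 'A');

    fw_mem_init(&m);
    printf("vulnerable, benign : rc=%d lr=0x%08x\n",
           copy_ie_vulnerable(&m, benign, blen), fw_saved_lr(&m));
    fw_mem_init(&m);
    printf("vulnerable, evil   : rc=%d lr=0x%08x\n",
           copy_ie_vulnerable(&m, evil, elen), fw_saved_lr(&m));
    fw_mem_init(&m);
    printf("hardened,   evil   : rc=%d lr=0x%08x\n",
           copy_ie_hardened(&m, evil, elen), fw_saved_lr(&m));
    return 0;
}
```

With the vulnerable copy, the 40-byte element overwrites the saved return address with 0x41414141; on a chip where every byte of memory is also executable, the attacker can point that address at the bytes they just wrote. The hardened copy rejects the element before any write happens, and the return address survives.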

This particular vulnerability also affects iOS devices, but a fix is found in iOS 10.3.1. If history is anything to go by, most iPhones will already be running the update.

Google is also working on a fix, Ars reports, though if Android's past update history is anything to go by, most people won't be safe for a number of weeks, in part due to a practice of staggering roll-outs to devices. Worse, older phones may never receive the update.

Of course, it's hard to completely hold that against Google. Android is an open platform; iOS is not. Given the choice, I would prefer the open platform, even if as a consequence updates to the platform can take longer. And, in any case, it was a Project Zero researcher who discovered the vulnerability in the first place. (Project Zero, of course, being run by Google.)

In any case, keep your phones updated. And for more information, the original Project Zero article is a good read.
