Apple’s iOS 10.3.1 Update Fixes Critical Broadcom WiFi Security Flaw


If you haven’t installed Apple’s iOS 10.3.1 update yet, now would be a good time because it fixes a big security flaw in the Broadcom WiFi chips in your iPhone. The security flaw could let attackers who are in WiFi range inject and run code on your smartphone.


Apple patches critical Broadcom WiFi chip security flaw in iOS 10.3.1

The security flaw was detailed by Google Project Zero security research pro Gal Beniamini who said it impacts the iPhone 5 and newer, along with Google’s Nexus and several Samsung Galaxy models. Since Broadcom’s WiFi system on a chip, or SoC, is used in so many mobile devices it’s a safe bet other smartphones and tablets are vulnerable, too.

According to Beniamini, there are two variants of the attack involving stack buffer overflows related to wireless roaming support. Another attack involves Tunneled Direct Link Setup, or TDLS, which allows devices on a network to share data directly with each other instead of first sending it back through the WiFi base station.

Considering how far WiFi signals travel, it’s possible hackers could target iPhones, iPads, and other mobile devices in your home simply by driving down the street and looking for wireless signals. Coffee shops, stores, and other public places will make good target areas, too.

The security flaw falls squarely in Broadcom’s lap since it designed the WiFi chip and its embedded software. According to Beniamini’s research, Broadcom’s WiFi SoC “lacks basic exploit mitigations, such as stack cookies, safe unlinking,” and also doesn’t use the available memory protection features.

Luckily, Apple patched Broadcom’s security flaw with the iOS 10.3.1 update and Google released a similar Android update on Monday, too. The flaw underscores how difficult it is for device makers to stay on top of security issues because some components—like Broadcom’s popular WiFi SoC—are out of their control.

Broadcom says security in new versions of its WiFi SoC is better, and more are being evaluated. Still, it kind of sucks that Broadcom didn’t implement better security from the beginning.

One Comment

  1. Simon-Smith-eVestigator

    Simon Smith, eVestigator, http://www.simonsmithevestigator.com.au, Cyber Security expert here. As vendors close in to get market share they close in on software and hardware binding equally. This is something to look out for. Adding more fuel to the fire, Apple MacBook Airs, I happen to know for a fact (and I’m sure most of their product line), rely on the WiFi chip for authentication of a device ID to allow OS upgrades. If your WiFi busts, don’t think you can pull out the old WiFi dongle. You are stuck on that version of Mac forever. The hardware and software combination that Apple like to use is becoming extremely dangerous. One chip failure can render an entire computer useless. From my own personal experience, as this machine was out of warranty, Apple would only replace at a cost the entire Motherboard for a $3 chip. So beware, there is another technicality to add to the puzzle. Lucky this time, it was fixable by software, next time – maybe not so lucky.
