Apple’s iOS 10.3.1 Update Fixes Critical Broadcom WiFi Security Flaw


If you haven’t installed Apple’s iOS 10.3.1 update yet, now would be a good time because it fixes a big security flaw in the Broadcom WiFi chips in your iPhone. The security flaw could let attackers who are in WiFi range inject and run code on your smartphone.


Apple patches critical Broadcom WiFi chip security flaw in iOS 10.3.1

The security flaw was detailed by Google Project Zero security research pro Gal Beniamini, who said it impacts the iPhone 5 and newer, along with Google’s Nexus and several Samsung Galaxy models. Since Broadcom’s WiFi system on a chip, or SoC, is used in so many mobile devices, it’s a safe bet other smartphones and tablets are vulnerable, too.

According to Beniamini, there are two variants of the attack involving stack buffer overflows related to wireless roaming support. Another attack involves Tunneled Direct Link Setup, or TDLS, which allows devices on a network to share data directly with each other instead of first sending it back through the WiFi base station.

Considering how far WiFi signals travel, it’s possible hackers could target iPhones, iPads, and other mobile devices in your home simply by driving down the street and looking for wireless signals. Coffee shops, stores, and other public places will make good target areas, too.

The security flaw falls squarely in Broadcom’s lap since it designed the WiFi chip and its embedded software. According to Beniamini’s research, Broadcom’s WiFi SoC “lacks basic exploit mitigations, such as stack cookies, safe unlinking,” and also doesn’t use the available memory protection features.

Luckily, Apple patched Broadcom’s security flaw with the iOS 10.3.1 update and Google released a similar Android update on Monday, too. The flaw underscores how difficult it is for device makers to stay on top of security issues because some components—like Broadcom’s popular WiFi SoC—are out of their control.

Broadcom says security in new versions of its WiFi SoC is better, and more are being evaluated. Still, it kind of sucks that Broadcom didn’t implement better security from the beginning.

Simon-Smith-eVestigator

Simon Smith, eVestigator, http://www.simonsmithevestigator.com.au, Cyber Security expert here. As vendors close in to get market share they close in on software and hardware binding equally. This is something to look out for. Adding more fuel to the fire, Apple MacBook Airs I happen to know for a fact (and I’m sure most of their product line) rely on the WiFi chip for authentication of a device ID to allow OS upgrades. If your WiFi busts, don’t think you can pull out the old WiFi dongle. You are stuck on that version of Mac forever. The hardware and software combination that…