If you haven’t installed Apple’s iOS 10.3.1 update yet, now would be a good time because it fixes a big security flaw in the Broadcom WiFi chips in your iPhone. The security flaw could let attackers who are in WiFi range inject and run code on your smartphone.
The security flaw was detailed by Google Project Zero security research pro Gal Beniamini, who said it impacts the iPhone 5 and newer, along with Google’s Nexus and several Samsung Galaxy models. Since Broadcom’s WiFi system on a chip, or SoC, is used in so many mobile devices, it’s a safe bet other smartphones and tablets are vulnerable, too.
According to Beniamini, there are two variants of the attack involving stack buffer overflows related to wireless roaming support. Another attack involves Tunneled Direct Link Setup, or TDLS, which allows devices on a network to share data directly with each other instead of first sending it back through the WiFi base station.
Considering how far WiFi signals travel, it’s possible hackers could target iPhones, iPads, and other mobile devices in your home simply by driving down the street and looking for wireless signals. Coffee shops, stores, and other public places will make good target areas, too.
The security flaw falls squarely in Broadcom’s lap since it designed the WiFi chip and its embedded software. According to Beniamini’s research, Broadcom’s WiFi SoC “lacks basic exploit mitigations, such as stack cookies, safe unlinking,” and also doesn’t use the available memory protection features.
Luckily, Apple patched Broadcom’s security flaw with the iOS 10.3.1 update and Google released a similar Android update on Monday, too. The flaw underscores how difficult it is for device makers to stay on top of security issues because some components—like Broadcom’s popular WiFi SoC—are out of their control.
Broadcom says security in new versions of its WiFi SoC is better, and more are being evaluated. Still, it kind of sucks that Broadcom didn’t implement better security from the beginning.