Android Devices Can Be Fatally Hacked By Malicious Wi-Fi Networks (arstechnica.com)
An anonymous reader quotes a report from Ars Technica: A broad array of Android phones is vulnerable to attacks that use booby-trapped Wi-Fi signals to achieve full device takeover, a researcher has demonstrated. The vulnerability resides in a widely used Wi-Fi chipset manufactured by Broadcom and used in both iOS and Android devices. Apple patched the vulnerability with Monday's release of iOS 10.3.1. "An attacker within range may be able to execute arbitrary code on the Wi-Fi chip," Apple's accompanying advisory warned. In a highly detailed blog post published Tuesday, the Google Project Zero researcher who discovered the flaw said it allowed the execution of malicious code on a fully updated 6P "by Wi-Fi proximity alone, requiring no user interaction." Google is in the process of releasing an update in its April security bulletin. The fix is available only to a select number of device models, and even then it can take two weeks or more to be available as an over-the-air update to those who are eligible. Company representatives didn't respond to an e-mail seeking comment for this post. The proof-of-concept exploit developed by Project Zero researcher Gal Beniamini uses Wi-Fi frames that contain irregular values. The values, in turn, cause the firmware running on Broadcom's wireless system-on-chip to overflow its stack. By using the frames to target timers responsible for carrying out regularly occurring events such as performing scans for adjacent networks, Beniamini managed to overwrite specific regions of device memory with arbitrary shellcode. Beniamini's code does nothing more than write a benign value to a specific memory address. Attackers could obviously exploit the same series of flaws to surreptitiously execute malicious code on vulnerable devices within range of a rogue access point.
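The bug class behind the summary above (a frame field with an "irregular" value driving a fixed-size copy in firmware) is easy to see in miniature. The following is an added illustration, not Broadcom's firmware code and not Beniamini's exploit: a hypothetical parser for an 802.11 information element (id, length, value) that trusts the length byte from the air, beside the same parser with the missing bound check. The struct layout, the function names and the sample frame are all constructed here; the canary array simply stands in for whatever happens to follow the destination buffer in memory.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Hypothetical firmware-style context. An 802.11 information element is a TLV:
   one id byte, one length byte, then 'length' value bytes. MAX_VALUE is the
   size the hypothetical code budgets for the value; the canary models whatever
   sits after that buffer (in the real attack, the researcher targeted timer
   state; here it is just 8 bytes we can inspect). */
#define MAX_VALUE 32

struct ie_ctx {
    uint8_t value[MAX_VALUE];   /* destination of the copy from the frame */
    uint8_t canary[8];          /* stand-in for adjacent memory */
    size_t  copied;
};

void init_ctx(struct ie_ctx *ctx) {
    memset(ctx, 0, sizeof *ctx);
    memset(ctx->canary, 0xC5, sizeof ctx->canary);
}

/* Vulnerable variant: the length byte is checked against the frame, so the
   read never runs off the packet, but never against the destination buffer,
   so a length above MAX_VALUE overruns value[] into the canary.
   Returns the number of bytes copied, or -1 for a truncated frame. */
int parse_ie_vulnerable(struct ie_ctx *ctx, const uint8_t *frame, size_t frame_len) {
    if (frame_len < 2) return -1;
    uint8_t len = frame[1];
    if ((size_t)len + 2 > frame_len) return -1;
    memcpy(ctx->value, frame + 2, len);   /* overflow when len > MAX_VALUE */
    ctx->copied = len;
    return len;
}

/* Hardened variant: identical, plus the one check that was missing. */
int parse_ie_hardened(struct ie_ctx *ctx, const uint8_t *frame, size_t frame_len) {
    if (frame_len < 2) return -1;
    uint8_t len = frame[1];
    if ((size_t)len + 2 > frame_len) return -1;
    if (len > MAX_VALUE) return -1;       /* reject an oversize element */
    memcpy(ctx->value, frame + 2, len);
    ctx->copied = len;
    return len;
}

/* Build a constructed IE (vendor-specific id 0xDD, 'len' bytes of 0x41).
   Returns total bytes written, or 0 if it would not fit. */
size_t build_ie(uint8_t *out, size_t out_cap, uint8_t len) {
    if ((size_t)len + 2 > out_cap) return 0;
    out[0] = 0xDD;
    out[1] = len;
    memset(out + 2, 0x41, len);
    return (size_t)len + 2;
}

/* 1 if the canary is untouched, 0 if the parser wrote over it. */
int canary_intact(const struct ie_ctx *ctx) {
    for (size_t i = 0; i < sizeof ctx->canary; i++)
        if (ctx->canary[i] != 0xC5) return 0;
    return 1;
}

/* Hardened parser's return code for a constructed IE of the given length. */
int hardened_rc(uint8_t len) {
    uint8_t frame[64];
    size_t n = build_ie(frame, sizeof frame, len);
    struct ie_ctx c;
    init_ctx(&c);
    return parse_ie_hardened(&c, frame, n);
}

/* Feed both parsers one oversize element. Returns 1 when the vulnerable
   parser corrupted the canary and the hardened one refused the frame. */
int demo(void) {
    uint8_t frame[64];
    size_t n = build_ie(frame, sizeof frame, 40);   /* 40 > MAX_VALUE: the irregular value */
    struct ie_ctx v, h;
    init_ctx(&v);
    init_ctx(&h);
    int rv = parse_ie_vulnerable(&v, frame, n);
    int rh = parse_ie_hardened(&h, frame, n);
    printf("vulnerable: rc=%d, canary %s\n", rv, canary_intact(&v) ? "intact" : "OVERWRITTEN");
    printf("hardened:   rc=%d, canary %s\n", rh, canary_intact(&h) ? "intact" : "OVERWRITTEN");
    return rv == 40 && !canary_intact(&v) && rh == -1 && canary_intact(&h);
}

int main(void) {
    return demo() ? 0 : 1;
}
```

The point of the side-by-side is the check that is easy to forget: validating a length against the packet keeps the read in bounds, but the write is bounded by the destination, and a peer on the air controls the length byte. In a Wi-Fi SoC there is typically no MMU, no stack canary and no ASLR to turn that overrun into a crash rather than a foothold, which is why an over-the-air bug of this shape can be worth full code execution on the chip.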
The flaw is in the Wi-Fi controller, not the OS. That's why this hit both iOS and Android.
We've got your money now fuck off.
... but let's be honest here, as much as Apple fans love to tout that it's safer for viruses, that's certainly not the case ...
Except 79% of iOS users have a patch available right now, 10.3.1. For extreme vulnerabilities such as this, in the past Apple also has updated "obsolete" versions of iOS. So if they provide a hypothetical 9.3.6 they could get coverage to 90%.
In comparison, the current version of Android has 2.8% coverage; add the previous version and we have 34.1%; go back two "obsolete" versions and we have 66.6%; three "obsolete" versions back (KitKat 4.4) and we get to 87.4% coverage. In theory. In reality, most of those old Android phones won't be offered a patch even if Google produced one.
It seems to me that one is safer with iOS; you are more likely to get a patch.
https://developer.apple.com/support/app-store/
https://developer.android.com/about/dashboards/index.html
Your device generally includes some sort of CPU, which is usually programmed in C. It might also include a gate-array program, which is written in verilog or VHDL. Backdoors and bugs live in both of these things.
Bruce Perens.
Not exactly. From the blog post, you can see that the attack can only be performed by another peer on the same wifi network. So at least if you are on a secure, private network, you are safe.
Lastly, as we’ll see later on, triggering these two vulnerabilities can be done by any peer on the Wi-Fi network, without requiring any action on the part of the device being attacked (and with no indication that such an attack is taking place).