Security researcher Nitay Artenstein has found a critical vulnerability that allows arbitrary code execution on iOS and Android devices without any user interaction. The flaw has been dubbed Broadpwn.
As Securitylab reports, the problem lies in the Broadcom Wi-Fi chips built into smartphones. Artenstein has already notified Google, and on 5 July the company shipped a fix in its regular Android security update.
According to the researcher, the problem affects millions of Android and iOS devices that use Broadcom BCM43xx-series wireless chips. Artenstein has not disclosed any details of the flaw and intends to present Broadpwn at the Black Hat USA conference in Las Vegas in August.
To learn more about Broadpwn, researcher Zhuowei Zhang reverse-engineered the July Android update. The vulnerability turned out to be a heap buffer overflow in the firmware of the Broadcom chip itself. To exploit it, an attacker on the network the target device is connected to sends the device a WME (QoS) information element with an invalid length field.
The attack requires no user interaction: the victim only needs to be within range of a malicious Wi-Fi network. Artenstein later added that a connection to that network is not even required.
WME (Wireless Multimedia Extensions) is a protocol based on IEEE 802.11e that provides basic QoS features for IEEE 802.11 wireless networks. It lets packets of multimedia applications take priority over ordinary data packets, so that multimedia applications run more smoothly and with fewer errors.
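The bug class described above, a fixed-size heap slot filled from an attacker-controlled 802.11 information-element length byte, is easy to see in a toy parser. The following is an added example written for this page; it is not Broadcom firmware code, not Zhang's or Artenstein's code, and it does not reproduce the actual Broadpwn patch. The 24-byte WME slot, the 64-byte toy heap, the SSID "evil" and all function names are assumptions made for illustration. The vulnerable parser trusts the length byte from the frame; the hardened one rejects any WME element that is not exactly the size of the slot.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define IE_SSID             0
#define IE_VENDOR_SPECIFIC  221
#define WME_BODY_LEN        24   /* WMM/WME Parameter Element body: OUI, type, subtype, version, QoS info, reserved, 4 AC records */
#define HEAP_SIZE           64   /* assumed toy heap: WME slot followed by a neighbouring chunk */
#define NEXT_CHUNK_OFF      WME_BODY_LEN
#define NEXT_CHUNK_MAGIC    0xA5 /* fill pattern so we can tell if the neighbour was overwritten */

/* Microsoft OUI 00:50:F2 plus OUI type 2 identifies the WMM/WME vendor-specific IE. */
static const uint8_t WME_OUI_TYPE[4] = {0x00, 0x50, 0xF2, 0x02};

/* Walk the tag/length/value list and return the body of the WME IE, or NULL.
 * This only checks that the IE fits inside the frame; the IE's own length byte
 * is still whatever the sender put on the air. */
static const uint8_t *find_wme_ie(const uint8_t *ies, size_t ies_len, uint8_t *body_len)
{
    size_t off = 0;
    while (off + 2 <= ies_len) {
        uint8_t tag = ies[off], len = ies[off + 1];
        if (off + 2 + len > ies_len)
            return NULL;                               /* IE claims more bytes than the frame has */
        if (tag == IE_VENDOR_SPECIFIC && len >= sizeof WME_OUI_TYPE &&
            memcmp(ies + off + 2, WME_OUI_TYPE, sizeof WME_OUI_TYPE) == 0) {
            *body_len = len;
            return ies + off + 2;
        }
        off += 2 + len;
    }
    return NULL;
}

/* Vulnerable pattern: the slot at heap[0..23] is sized for a well-formed element,
 * but the copy length comes straight from the frame, so len > 24 spills into the
 * neighbouring chunk. Returns bytes copied, -1 if no WME IE was found. */
int wme_parse_vulnerable(uint8_t *heap, const uint8_t *ies, size_t ies_len)
{
    uint8_t len;
    const uint8_t *body = find_wme_ie(ies, ies_len, &len);
    if (body == NULL)
        return -1;
    memcpy(heap, body, len);
    return len;
}

/* Hardened: the element must be exactly the size the slot was allocated for.
 * Returns bytes copied, -1 if absent, -2 if malformed. */
int wme_parse_hardened(uint8_t *heap, const uint8_t *ies, size_t ies_len)
{
    uint8_t len;
    const uint8_t *body = find_wme_ie(ies, ies_len, &len);
    if (body == NULL)
        return -1;
    if (len != WME_BODY_LEN)
        return -2;
    memcpy(heap, body, len);
    return len;
}

/* Constructed frame body (not a real capture): an SSID IE followed by a WME IE
 * whose length byte is wme_len. Returns bytes written, 0 if it does not fit. */
size_t build_ies(uint8_t *out, size_t cap, uint8_t wme_len)
{
    static const uint8_t ssid_ie[] = {IE_SSID, 4, 'e', 'v', 'i', 'l'};
    size_t need = sizeof ssid_ie + 2 + wme_len;
    if (wme_len < sizeof WME_OUI_TYPE || need > cap)
        return 0;
    memcpy(out, ssid_ie, sizeof ssid_ie);
    out[sizeof ssid_ie] = IE_VENDOR_SPECIFIC;
    out[sizeof ssid_ie + 1] = wme_len;
    memcpy(out + sizeof ssid_ie + 2, WME_OUI_TYPE, sizeof WME_OUI_TYPE);
    memset(out + sizeof ssid_ie + 2 + sizeof WME_OUI_TYPE, 0x41, wme_len - sizeof WME_OUI_TYPE);
    return need;
}

/* Run one parser over a constructed frame; store the parser's return code and
 * report 1 if the neighbouring chunk was overwritten, 0 if it is intact.
 * wme_len is capped at HEAP_SIZE so the toy heap itself is never overrun. */
static int run_case(int hardened, uint8_t wme_len, int *rc)
{
    uint8_t heap[HEAP_SIZE];
    uint8_t frame[300];
    size_t flen;
    if (wme_len > HEAP_SIZE) { *rc = -3; return 0; }
    memset(heap, 0, sizeof heap);
    memset(heap + NEXT_CHUNK_OFF, NEXT_CHUNK_MAGIC, HEAP_SIZE - NEXT_CHUNK_OFF);
    flen = build_ies(frame, sizeof frame, wme_len);
    *rc = hardened ? wme_parse_hardened(heap, frame, flen)
                   : wme_parse_vulnerable(heap, frame, flen);
    for (size_t i = NEXT_CHUNK_OFF; i < HEAP_SIZE; i++)
        if (heap[i] != NEXT_CHUNK_MAGIC)
            return 1;
    return 0;
}

int parse_result(int hardened, uint8_t wme_len)       { int rc; run_case(hardened, wme_len, &rc); return rc; }
int neighbour_corrupted(int hardened, uint8_t wme_len) { int rc; return run_case(hardened, wme_len, &rc); }

int main(void)
{
    printf("vulnerable, len 24: rc=%d corrupted=%d\n", parse_result(0, 24), neighbour_corrupted(0, 24));
    printf("vulnerable, len 40: rc=%d corrupted=%d\n", parse_result(0, 40), neighbour_corrupted(0, 40));
    printf("hardened,   len 40: rc=%d corrupted=%d\n", parse_result(1, 40), neighbour_corrupted(1, 40));
    return 0;
}
```

The point of the model is where the trust boundary sits: `find_wme_ie` already checks the IE against the frame length, which is enough to stop reading out of bounds, but not enough to stop writing out of bounds into a slot that was sized for the well-formed element. The length byte of an information element is attacker data and has to be validated against the destination buffer, not just the source frame, before any copy into firmware heap memory.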