violetkaipa - Fotolia
Flawed Broadcom Wi-Fi chipsets get a fix, but flaw remains a mystery
Broadpwn, a flaw in Broadcom Wi-Fi chipsets, is patched, but Google withholds details. Plus, the latest in the antivirus drama between the U.S. and Russia, and more.
Google's July 2017 Android Security Bulletin included a fix for the vulnerability known as Broadpwn, but the details of the flaw won't be disclosed until the Black Hat USA 2017 conference later this month.
Broadpwn is a severe vulnerability in some Broadcom's Wi-Fi chipsets that affects Android devices and iPhones. Google is holding on to the details of the flaw for now, but the advisory said that Broadpwn "could enable a proximate attacker to execute arbitrary code within the context of the kernel" and that the patch addresses Wi-Fi drivers.
The reason specifics about Broadpwn are scarce is because Exodus Intelligence security researcher Nitay Artenstein is scheduled to present the details and backstory of this vulnerability at Black Hat in Las Vegas at the end of July.
"The Broadcom BCM43xx family of Wi-Fi chips is found in an extraordinarily wide range of mobile devices - from various iPhone models, to HTC, LG, Nexus and practically the full range of Samsung flagship devices," reads the abstract for the presentation, which also claims the Broadpwn flaw affects "millions of Android and iOS devices."
Broadpwn, or CVE-2017-9417, was added to the Common Vulnerabilities and Exposures (CVE) on June 3, though it's unclear when the vulnerability was disclosed to Google. According to Google, there are no active exploits so far. Artenstein is scheduled to discuss how the flaw was discovered, "and how we went on to leverage our control of the Wi-Fi chip in order to run code in the main application processor" during the Black Hat presentation, which wasn't announced until the end of June.
Broadpwn is the second major vulnerability in Broadcom Wi-Fi chipsets seen this year. In April, Google Project Zero researcher Gal Beniamini discovered that Android devices and iPhone were susceptible to remote code execution exploits by taking advantage of a flaw in Broadcom's Wi-Fi chipsets. Beniamini said that the malicious code could be executed just "by Wi-Fi proximity alone, requiring no user interaction."
The finding of the Project Zero proof of concept is that Broadcom's firmware is significantly behind the times when it comes to security. "Specifically," Beniamini wrote, "it lacks all basic exploit mitigations - including stack cookies, safe unlinking and access permission protection (by means of an MPU)."
In other news
- The first of two hackers associated with the group "Crackas with Attitude" was sentenced to two years in prison for hacking personal accounts of U.S. government officials, including then-CIA Director John Brennan's AOL accounts. Andrew Otto Boggs, known as "Incursio," of North Wilkesboro, N.C., was arrested with fellow hacker Justin Gray Liverman, known as "D3f4ult," of Morehead City, N.C., in September of 2016. Boggs pleaded guilty in January 2017 to gaining unauthorized access via social engineering to government computer systems and the online accounts of at least 10 government officials. Along with other members of Crackas with Attitude, who are located in the United Kingdom and being prosecuted by the Crown Prosecution Service, Boggs then posted the information gathered in the hacks to the public, exposing the names and contact information for tens of thousands of employees in the Department of Justice and the Department of Homeland Security. Liverman also pleaded guilty in January and is set to be sentenced on July 28.
- In the latest chapter of Kaspersky Lab versus the U.S. government, co-founder and CEO Eugene Kaspersky said that he is willing to turn over the source code of his company's products to U.S. government officials for examination. This follows last week's move by U.S. senators to try to ban the use of Kaspersky Lab products in the military as part of the National Defense Authorization Act. In an interview with The Associated Press, Kaspersky said he would disclose the source code if the U.S. needs it, and said, "Anything I can do to prove that we don't behave maliciously I will do it." The U.S. governments' suspicions that Kaspersky Lab does not operate independently of the Kremlin have yet to be backed up with solid evidence. Meanwhile, Russian lawmakers are drafting a bill that would make the use of Western antivirus products in Russia illegal. Russian officials said the bill is not political and wouldn't have a big impact on foreign businesses if it passes into law.
- Siemens patched two critical vulnerabilities in Intel's Active Management Technology (AMT). One of the flaws enabled attackers to gain system privileges for the company's industrial controls systems, and the other enabled attackers to upload and execute arbitrary code. Siemens had 38 product series affected by these bugs and, according to an advisory put out by the company, "unprivileged local or remote attackers can gain system privileges to provisioned Intel manageability SKUs: Intel AMT, Intel Standard Manageability (ISM) and Intel Small Business Technology (SBT)." Siemens released firmware updates to fix the issue this week.