Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: Black Hat is coming and with it a good reason to update your "Broadcom-based" devices - SANS Internet Storm Center SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Black Hat is coming and with it a good reason to update your "Broadcom-based" devices

Black Hat US 2017 is debuting and with it a potential concern to most of us. It turns out that one of the conference presentations, entitled BROADPWN: REMOTELY COMPROMISING ANDROID AND IOS VIA A BUG IN BROADCOM’S WI-FI CHIPSETS [1]will detail how Broadcom BCM43xx Wi-Fi chipsets can be exploited to achieve full code execution on the compromised device without user interaction.

“An attacker within range may be able to execute arbitrary code on the Wi-Fi chip”, says Apple about this vulnerability (CVE-2017–9417) in its latest security bulletin [2]. Google published the patch to fix the vulnerability on Android early this month [3].

Besides Apple, those chipsets are present on most smartphone devices like HTC, LG, Nexus and most Samsumg models as well. Make sure to have this vulnerability fixed in all your devices?—?especially if you are planning to be in Las Vegas next week.

References
[1] https://www.blackhat.com/us-17/briefings.html#broadpwn-remotely-compromising-android-and-ios-via-a-bug-in-broadcoms-wi-fi-chipsets
[2] https://support.apple.com/pt-br/HT207923
[3] https://source.android.com/security/bulletin/2017-07-01

--
Renato Marinho
Morphus Labs | LinkedIn | Twitter

Renato

15 Posts
ISC Handler
Any idea if this will affect other broadcom 43xx devices? E.g. according to https://wikidevi.com/wiki/ASUS_RT-AC68U this wifi router contains the BCM4360 which is a 43xx but not one of the 3 mentioned 43xx models.
Arnt

4 Posts Posts
According to CVE-20179417 details (nvd.nist.gov/vuln/detail/…), the vulnerability affects the BCM43xx chipset firmware, which would include the model you mentioned (BCM4360). We may have further details during @nitayart's presentation that may clarify affected models. For now, I would suggest you to look for your product's vendor for any update related to vulnerability.
Renato

15 Posts Posts
ISC Handler

Sign Up for Free or Log In to start participating in the conversation!