
Project Zero finds large vulnerability involving Broadcom Wi-Fi chips

Google’s Project Zero continues to strap on its cape to make the world a safer place for us to use our electronics, this time helping to discover a dangerous flaw in Broadcom Wi-Fi chips. That hardware can be found in a variety of smartphones, including iPhones, Nexus phones, and a variety of Samsung devices.

Project Zero has been helping to rid the world of exploits and security flaws for a few years now, regularly releasing information on these bugs to manufacturers and then giving them a short time period to correct the problem before it’s made public. In this case, the Project Zero researcher and bug discoverer, Gal Beniamini, said that Broadcom had been very “responsive,” helped fix the bug, and explained its problem to manufacturers.

Apple has responded with a security update, fixing up the problem in its 10.3.1 release, though it hasn’t released a comment on the bug. TechCrunch notes that Google has declined to comment on the matter.

It’s good to see speedy responses, though. From the detailed breakdown of the bug, it seems like a nasty one. The attack uses a series of exploits to breach the Broadcom chip’s security, and that breach can in turn be used to take over the entire device the chip is built into. All of that can be achieved wirelessly, with no direct interaction with the handset in question.

Theoretically, anyone on a shared Wi-Fi network, private or public, could compromise a device built with Broadcom’s Wi-Fi system on a chip (SoC).

Fortunately, it sounds like Broadcom has been very open to advice on how to improve its security and has now informed Project Zero that newer versions of its Wi-Fi SoC will utilize a memory protection unit and several other hardware security measures. We’re told that these should fix most of the exploit paths used to make this bug viable, and Broadcom is also considering implementing “exploit mitigations in future firmware versions.”

Jon Martindale