Project Zero has been helping to rid the world of exploits and security flaws for a few years now, regularly releasing information on these bugs to manufacturers and then giving them a short time period to correct the problem before it’s made public. In this case, the Project Zero researcher and bug discoverer, Gal Beniamini, said that Broadcam had been very “responsive,” helped fix the bug, and explained its problem to manufacturers.
Apple has responded with a security update, fixing up the problem in its 10.3.1 release, though it hasn’t released a comment on the bug. Techcrunch notes that Google has declined to comment on the matter.
It’s good to see speedy responses, though. From the detailed breakdown of the bug, it seems like a nasty one. It uses a series of exploits to breach the Broadcom chip’s security, which can in turn be used to take over the entire device it’s built into. All of that can be achieved wirelessly, with no direct interaction with the handset in question.
Theoretically, anyone on a shared Wi-Fi network, private or public, could compromise a device built with Broadcom’s Wi-Fi system on a chip (SOC).
Fortunately it sounds like Broadcom has been very open to advice on how to improve its security and has now informed Project Zero that newer versions of its Wi-Fi SoC will utilize a memory protection unit and several other hardware security measures. We’re told that these should fix most of the exploit paths used to make this bug viable and Broadcom is also considering implementing “exploit mitigations in future firmware versions,” as well.
