Despite Apple’s and Google’s best efforts to keep our smartphones safe, new smartphone vulnerabilities keep coming up. Most times, these are exclusive to a device, or perhaps several versions of a device’s firmware, and these are usually dealt with swiftly. However, there’s a new security flaw has been discovered that goes beyond operating systems and delivers malware in a way that has not been seen before.
This security flaw attacks a phone’s Wi-Fi chip. Now, because multiple manufacturers source their wireless equipment from the same company, t can be carried out across devices. Broadcom produces the tech used in some of the market’s top devices like the Galaxy, Nexus and iPhone brands, so it is easy to see how easily this exploit could be spread.
Researcher Nitay Artensen revealed this flaw at the Black Hat security conference that was recently held in Las Vegas. Fortunately, this particular security flaw has been patched. If you have updated to the recently released iOS 10.3.3 or Android’s July security fix, your phone is no longer susceptible to the attack.
Here’s how it works. Hackers took advantage of common flaws found in a number of Broadcom’s chips to write and push code that can directly inhibit a phone’s Wi-Fi capabilities. Through this, they gain full control over the component, and can even engineer the malware to self-replicate and automatically move to the next-closest device, all on its own. Everything can be carried out without knowledge of the specific device being targeted.
Thankfully, this exploit only concerns the Wi-Fi chip and cannot be used to gain access to the device at this time. While the vulnerability has been patched for users of the newest devices receiving the latest security updates, owners of older hardware will regrettably be left out in the cold. Under Google’s current policy for its own products, like the Pixel, system updates are no longer issued two years after release, while security updates wrap up after three years. This is standard practice in the Android industry, and unfortunately this is the best that smartphone owners can really hope for.