Vulnerabilities in the Broadcom system-on-a-chip that provides wifi for many Android devices mean that simply lighting up a malicious wifi access point can allow an attacker to compromise every vulnerable device in range, without the users having to take any action -- they don't have to try to connect to the malicious network.
Iphones are also vulnerable to the attack, but Apple issued a patch for them on Monday.
Android updates are only available for "select devices" and can be up to two weeks away, or longer, depending on your carrier.
Part of the problem is that Broadcom's security stinks, lacking "all basic exploit mitigations—including stack cookies, safe unlinking and access permission protection (by means of [a memory protection unit.])"
The proof-of-concept exploit developed by Project Zero researcher Gal Beniamini uses Wi-Fi frames that contain irregular values. The values, in turn, cause the firmware running on Broadcom's wireless system-on-chip to overflow its stack. By using the frames to target timers responsible for carrying out regularly occurring events such as performing scans for adjacent networks, Beniamini managed to overwrite specific regions of device memory with arbitrary shellcode. Beniamini's code does nothing more than write a benign value to a specific memory address. Attackers could obviously exploit the same series of flaws to surreptitiously execute malicious code on vulnerable devices within range of a rogue access point.
Android devices can be fatally hacked by malicious Wi-Fi networks
[Dan Goodin/Ars Technica]
(Image: Bill Ward, CC-BY)
Do Not Track was a standardized way for browsers to tell services that their owners did not consent to having their activities and usage logged; however, it was subverted by Big Tech and big media companies and turned into a useless tick-box that had virtually no impact on your privacy.
The latest fuck-you from Oath -- the Verizon division created to manage the zombie assets of AOL and Yahoo, bought at a ridiculous premium and then written down by more than 99% -- is the impending drawdown of Yahoo Groups, with mass deletions of all stored "Files, Polls, Links, Photos, Folders, Calendar, Database, Attachments, Conversations, […]
In 2017, California passed a state law mandating disclosure of wholesale drug prices, something the Big Pharma companies fought tooth and nail. Now, the first of those disclosures has taken place, and it reveals spectacular levels of price-gouging from the pharmaceutical industry's greediest monopolists: an overall rise of 25.8% in the median drug price since […]
Do you own a Mac? Unless you’re using it for a paperweight, you almost can’t afford not to get the Magnificent Mac Bundle. It’s a roundup of some truly essential security and file management apps, bundled up with great photo and video enhancers. The best part is that all nine apps are potentially available for […]
As much as vaping has taken over the market during the last decade, there’s still a lot of questions about the technology, as well as health concerns that we’re just now finding out about. One thing you can say about smoking: You know exactly what you’re getting, especially when it comes to pipes that you […]
We can’t all go through life with just a pair of sneakers and flip-flops. Sometimes, you have to invest in a pair of high-quality dress shoes. However, you’ve probably discovered that high-end footwear almost always comes with eye-popping price tags. You’ve got to compromise on second-hand or just suck it up and take out a […]