Definition
Billions of smartphones, both Android and iOS, have the same Wi-Fi chipset from Broadcom (BCM43xx family). A recent study presented at the Black Hat conference revealed a major vulnerability in that chipset that opens the smartphone to attacks over a Wi-Fi connection. The vulnerability is open on all devices running versions before iOS 10.3.3 (released 20 July) or the July security update for Android, which contain fixes for the flaw. The vulnerability allows an attacker to gain access at the chip level and write programs that run on that chip. The targeted user does not have to do anything, nor does the user notice that the device has been exploited. This vulnerability is the first with this kind of exposure (all iOS devices after iPhone 5; all Samsung Galaxy from S3 through S8, inclusive; all Samsung Notes 3; all Nexus versions 5 – 6P): it exploits peripherals, not the core, does not need any action from the user, and can be used as a network for a worm.
Brief Description
A resourceful attacker develops a worm that exploits the vulnerabilities of the BCM43xx chips. The attacker attends an event where many high-ranking officers are present. The attacker infiltrates a few of the smartphones (this requires only that Wi-Fi is activated) and installs the worm. When the officers return to their command posts and headquarters, their smartphones start to infect other devices within Wi-Fi range. After a few days, the smartphones of the higher commanders and their staffs are prepared for the next phase. Depending on the situation, the attacker can exploit the remotely controllable botnet (a network of remotely controlled robots) either by collecting all information achievable through microphones and sessions or, on the brink of an attack, by suppressing all smartphone usage of the affected officers. This may delay or disable the reaction of the higher-ranking officers enough to gain the advantage on the ground, in the air or at sea (recall the reason for the slow German response to the invasion of Normandy).
Recommendation
End-users and administrators:
- Update all possible smart devices with:
  - Android: 2017-07-05 security patch
  - iOS: 10.3.3
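An administrator can check a device inventory against the two fix levels above. The following is an added example, not part of the original article; the CSV layout, owner names and status labels are assumptions, and the sample rows are constructed.

```python
"""Added example: flag inventory entries below the fix levels named above."""
import csv
import io
from datetime import date

ANDROID_FIX = date(2017, 7, 5)  # Android security patch level from the article
IOS_FIX = (10, 3, 3)            # iOS version from the article

# Constructed sample inventory (hypothetical export: owner, platform, level).
SAMPLE_INVENTORY = """owner,platform,level
staff-01,android,2017-06-01
staff-02,android,2017-07-05
staff-03,ios,10.3.2
staff-04,ios,10.3.3
staff-05,ios,11.0
staff-06,android,unknown
staff-07,ios,9.3.5
"""

def parse_ios(version):
    """Turn '10.3' or '10.3.3' into a 3-tuple so that 10.3 sorts below 10.3.3."""
    parts = [int(p) for p in version.strip().split(".")]
    if not 1 <= len(parts) <= 3:
        raise ValueError(version)
    return tuple(parts + [0] * (3 - len(parts)))

def status(platform, level):
    """Return 'patched', 'needs_update' or 'unknown' for one device record."""
    try:
        if platform.lower() == "android":
            # Android reports its patch level as YYYY-MM-DD
            # (system property ro.build.version.security_patch).
            ok = date.fromisoformat(level.strip()) >= ANDROID_FIX
            return "patched" if ok else "needs_update"
        if platform.lower() == "ios":
            return "patched" if parse_ios(level) >= IOS_FIX else "needs_update"
    except ValueError:
        pass
    return "unknown"  # unparseable level or unlisted platform: review by hand

def audit(inventory_csv):
    """Map owner -> status; anything other than 'patched' needs follow-up."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return {r["owner"]: status(r["platform"], r["level"]) for r in rows}

if __name__ == "__main__":
    for owner, state in audit(SAMPLE_INVENTORY).items():
        print(f"{owner}: {state}")
```

Entries reported as unknown should be treated like needs_update until the device has been checked by hand.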
Military system architects:
- Broadpwn is a textbook example of how a small but innovative effort against a large attack surface can tap sensitive information or suppress the main information flows.
- Military architects should always provide strategic variety for critical information flows and mitigate single points of failure.
Military Chief Information Officers:
- No single means of communication or information processing can be reliable enough.
- Always require parallel, independent options for business continuity.
References:
- https://www.wired.com/story/broadpwn-wi-fi-vulnerability-ios-android/
- https://www.theguardian.com/technology/2017/jul/27/broadpwn-smartphone-malware-bug-iphone-samsung-google
- https://blog.exodusintel.com/2017/07/26/broadpwn/