Project Zero Sheds Light On Broadcom Wi-Fi Chip Hack

Google's Project Zero has published a write-up of a Broadcom Wi-Fi chip hack that shows how an attacker could execute code on the Broadcom Wi-Fi SoC found in many Android devices, and from there work toward compromising the phone itself. The exploit is a proof of concept rather than something seen in the wild, and Project Zero says it reported the issues to Broadcom, noting that the company was very helpful in getting them patched. It is also worth mentioning that not every Android smartphone uses a Broadcom Wi-Fi chip, although some of the more popular models do, including the Nexus 6P, the Nexus 6, the Nexus 5, and many Samsung devices.

Project Zero demonstrated the exploit on a Nexus 6P running Android 7.1.1 Nougat. The bug has since been fixed, but it was still exploitable at the time of the test. The downside is that only devices which already have the April 2017 security patch installed carry the fix, so Android devices with Broadcom chips that have not received the patch remain exposed. As for the exploit itself, by modifying certain fields of a Wi-Fi frame and sending it to the chip, an attacker can corrupt the firmware's memory (the published chain relies on a heap overflow in the firmware's handling of a crafted frame, not a stack overflow) and execute code on the Wi-Fi SoC, which is the first step toward taking control of the device.

For this to work, an attacker would need to know the MAC address of the target device and be connected to the same Wi-Fi network, within radio range of the victim. That does not make the attack impossible, but it does narrow who is realistically at risk. The affected Broadcom firmware lacks several security measures that would have made such an exploit harder to pull off, such as safe unlinking, stack cookies, and access permission protection; Project Zero states that Broadcom has already made changes and that newer versions of the chip include additional hardware security mechanisms. Since the fix ships with the April 2017 security patch, users should install the update if they have not already done so.
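The two paragraphs above describe the bug class in general terms: a length field inside an over-the-air frame is trusted by the firmware, and the copy that follows spills past a fixed-size buffer into whatever is allocated next, which is exactly what a mitigation like safe unlinking or a bounds check is there to catch. The C program below is an added illustration of that pattern and is not code from the Project Zero write-up or from Broadcom's firmware. It parses a constructed frame made of 802.11-style information elements (1-byte ID, 1-byte length, body) with a hypothetical element ID of 0x65 and a simulated 32-byte destination buffer followed by a simulated neighbouring allocation; the "unchecked" parser reproduces the overflow and the "checked" one rejects the oversized element before copying.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Information elements in 802.11 frames are TLVs: 1-byte element ID,
 * 1-byte length, then `length` bytes of body. Element IDs here are
 * hypothetical; the frame is constructed for this example. */
#define IE_BODY_MAX   32   /* fixed-size buffer the firmware copies a body into */
#define NEIGHBOUR_LEN 64   /* stand-in for the allocation that follows it */
#define TARGET_ID     0x65 /* hypothetical element ID the parser looks for */

struct heap_region {
    uint8_t mem[IE_BODY_MAX + NEIGHBOUR_LEN]; /* [0,32) buffer, [32,96) neighbour */
};
#define IE_BODY(r)   ((r)->mem)
#define NEIGHBOUR(r) ((r)->mem + IE_BODY_MAX)

/* Walk the element list for `want_id`; on success copy the body into r and
 * return its length. This version trusts the attacker-supplied length byte,
 * so a length above IE_BODY_MAX overwrites the neighbouring allocation.
 * Returns -1 if the element is absent or truncated. */
static int find_ie_unchecked(const uint8_t *frame, size_t frame_len,
                             uint8_t want_id, struct heap_region *r)
{
    size_t off = 0;
    while (off + 2 <= frame_len) {
        uint8_t id = frame[off], len = frame[off + 1];
        if (off + 2 + len > frame_len)
            return -1;                                /* truncated element */
        if (id == want_id) {
            memcpy(IE_BODY(r), frame + off + 2, len); /* BUG: len unchecked */
            return len;
        }
        off += 2 + len;
    }
    return -1;
}

/* Hardened version: same walk, but the length is compared against the
 * destination size before the copy. Returns -2 for an oversized element so
 * the caller can drop the frame. */
static int find_ie_checked(const uint8_t *frame, size_t frame_len,
                           uint8_t want_id, struct heap_region *r)
{
    size_t off = 0;
    while (off + 2 <= frame_len) {
        uint8_t id = frame[off], len = frame[off + 1];
        if (off + 2 + len > frame_len)
            return -1;
        if (id == want_id) {
            if (len > IE_BODY_MAX)
                return -2;                            /* oversized: reject */
            memcpy(IE_BODY(r), frame + off + 2, len);
            return len;
        }
        off += 2 + len;
    }
    return -1;
}

/* Constructed frame: a benign leading element (ID 0x00, a 4-byte SSID-like
 * body) followed by the target element with an attacker-chosen length. */
static size_t build_frame(uint8_t *buf, size_t cap, uint8_t len, uint8_t fill)
{
    const uint8_t lead[] = { 0x00, 0x04, 'a', 'b', 'c', 'd' };
    size_t n = sizeof lead + 2 + (size_t)len;
    if (n > cap) return 0;
    memcpy(buf, lead, sizeof lead);
    buf[sizeof lead]     = TARGET_ID;
    buf[sizeof lead + 1] = len;
    memset(buf + sizeof lead + 2, fill, len);
    return n;
}

/* 1 if any byte of the simulated neighbour lost its 0xCC fill pattern. */
static int neighbour_clobbered(const struct heap_region *r)
{
    for (size_t i = 0; i < NEIGHBOUR_LEN; i++)
        if (NEIGHBOUR(r)[i] != 0xCC) return 1;
    return 0;
}

/* Run one parser over a frame whose target element has length `len`.
 * Returns the parser's result and reports whether the neighbour was hit.
 * Lengths beyond the simulated region are refused to keep the demo in bounds. */
static int run_case(int checked, uint8_t len, int *clobbered)
{
    uint8_t frame[6 + 2 + 255];
    struct heap_region r;
    if (len > IE_BODY_MAX + NEIGHBOUR_LEN) return -3;
    size_t n = build_frame(frame, sizeof frame, len, 0x41);
    memset(r.mem, 0xCC, sizeof r.mem);
    int rc = checked ? find_ie_checked(frame, n, TARGET_ID, &r)
                     : find_ie_unchecked(frame, n, TARGET_ID, &r);
    *clobbered = neighbour_clobbered(&r);
    return rc;
}
static int case_rc(int checked, uint8_t len)        { int c; return run_case(checked, len, &c); }
static int case_clobbered(int checked, uint8_t len) { int c; run_case(checked, len, &c); return c; }

int main(void)
{
    printf("unchecked len=48: rc=%d neighbour clobbered=%d\n", case_rc(0, 48), case_clobbered(0, 48));
    printf("checked   len=48: rc=%d neighbour clobbered=%d\n", case_rc(1, 48), case_clobbered(1, 48));
    return 0;
}
```

With a 48-byte body the unchecked parser returns 48 and 16 bytes of the neighbouring allocation now read 0x41; the checked parser returns -2 and leaves the neighbour untouched. In real firmware the neighbour is a live heap chunk whose metadata the attacker can rewrite, which is why safe unlinking (validating a chunk's links before the free list is modified) matters as a second line of defence when the bounds check is missing.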

About the Author

Justin Diaz

Head Editor