DoS vulnerability affects older iPhones, Droids, even a Ford car

Publicly available code allows hackers to disable Wi-Fi in a range of products.

Proof-of-concept code exploiting a denial-of-service vulnerability in two Broadcom chip models. (Image: Core Security)

The iPhone 4 and a slew of older devices from Apple, Samsung, HTC, and other manufacturers are vulnerable to attacks that can make it impossible to send or receive data over Wi-Fi networks, a security researcher said.

Proof-of-concept code published online makes it trivial for a moderately skilled hacker to disable older iPhones, HTC Droid Incredible 2s, Motorola Droid X2s, and at least two dozen other devices, including Edge model cars manufactured by Ford. The denial-of-service vulnerability stems from an input-validation error in the firmware of two wireless chips sold by Broadcom: the BCM4325 and the BCM4329. The US Computer Emergency Readiness Team has also issued an advisory warning of the vulnerability.

“The only requirement to exploit the vulnerability is to have a wireless card that supports [the] raw inject of 802.11 frames,” Andrés Blanco, one of the researchers from Core Security who discovered the vulnerability, told Ars. “The Backtrack Linux distribution has almost everything you need to execute the POC provided in the advisory.”

The Core Security advisory said that Broadcom has released a firmware update that patches the “out-of-bounds read error condition” in the chips’ firmware. Device manufacturers are making it available to end users on a case-by-case basis since many of the affected products are older and already out of service.

Blanco said the exploit makes it impossible for an affected device to send or receive data over Wi-Fi for as long as the DoS attack lasts. Once the malicious packets subside, the device will work normally. Other device functions are unaffected by the Wi-Fi service interruption. He said it’s possible the bug could be exploited to do more serious things.

“We are not sure that we could retrieve private user data but we are going to look into this,” he said.

Brief updated to add detail about device functions in second-to-last paragraph.

Editor’s Pick: Promoted Reader Comment

Chuckstar (Ars Tribunus Militum) wrote:

> Fozzybare wrote:
>
> Does this affect just Droid branded phones or Android phones in general? Because if it is the latter you should change your headline.
>
> Edit: yes, give me downvotes because I am correct. Flawless logic. Droid is a BRAND and does not pertain to every Android phone.

The flaw is in the hardware and only occurs in two chips sold by Broadcom, so it wouldn’t be in Android phones in general. They used “Droid” in the headline because two Droid phones are affected.
Dan Goodin (Security Editor) wrote:

> Fozzybare wrote:
>
> Does this affect just Droid branded phones or Android phones in general? Because if it is the latter you should change your headline.
>
> Edit: yes, give me downvotes because I am correct. Flawless logic. Droid is a BRAND and does not pertain to every Android phone.

Fozzybare, what’s your support for saying you’re “correct”? As you could have confirmed yourself by clicking on the advisory, the headline is correct in saying Droid, rather than Android. Please spend a minute or two thinking things over before posting comments.
metrometro (Smack-Fu Master, in training) wrote:

I want to comment on this, but my microwave is DoSing my wifi. This exploit is called “Popcorn button.”
