Project Zero finds large vulnerability involving Broadcom Wi-Fi chips

Google’s Project Zero has been on a roll lately, unveiling sophisticated bugs in Cloudflare, LastPass and now Broadcom, a Wi-Fi chip supplier whose product is found in iPhones, Nexuses and Samsung devices.

Project Zero has been helping to rid the world of exploits and security flaws for a few years now, regularly reporting these bugs to manufacturers and then giving them a short time period to correct the problem before it’s made public. In this case, the Project Zero researcher and bug discoverer, Gal Beniamini, said that Broadcom had been very “responsive,” helped fix the bug, and explained its problem to manufacturers.

Apple patched the bug in a security update (10.3.1; if you’re an Apple customer, you should install this update right away), and Project Zero researcher Gal Beniamini explained the exploit in detail in a blog post.

“An attacker within range may be able to execute arbitrary code on the Wi-Fi chip,” Apple said in its security update notes. This is not good! It is quite bad, in fact, and that might explain why Apple pushed out 10.3.1 so quickly (10.3 was released only a week ago). Apple and Google declined to comment.

Fortunately, it sounds like Broadcom has been very open to advice on how to improve its security and has now informed Project Zero that newer versions of its Wi-Fi SoC will utilize a memory protection unit and several other hardware security measures. We’re told that these should fix most of the exploit paths used to make this bug viable, and Broadcom is also considering implementing “exploit mitigations in future firmware versions.”
