
BroadPWN: Broadcom chipset bug affecting millions of Android and iOS devices

What is BroadPWN?

BroadPWN is a vulnerability in Android and iOS smartphone chipsets that can be triggered remotely,
without any user interaction, and that affects millions of devices.

The discovery happened when Artenstein, a security researcher, was looking for ways to launch a
remote exploit from Android and iOS smartphones. He knew it would be tough, given the way the
devices have been hardened with Address Space Layout Randomization (ASLR) and Data Execution
Prevention (DEP).

3 necessary ingredients to launch a remote attack:

One is that the vulnerability did not require human interaction to launch an exploit. In this
particular case, the smartphone would search for WiFi access points and when it found one, it
would automatically connect.

The bug did not require complex assumptions because a wrong assumption could reveal the
exploit.

Its code could be cleaned up after the payload is installed to reduce the chance of it crashing
or failing.

With all the elements in place, the exploit was created. It could be launched remotely
without user interaction and could self-propagate, like a worm.

What has been done?

In this particular case, the security researcher searched for a location in the chipset where he could
write large quantities of data for the payload, and he found that in the packet ring buffer. Broadcom
was informed of his discovery and patched the problem last month.

Conclusion:

BroadPWN is ideal for propagation over WLAN. It does not require authentication, doesn't need an
infoleak from the target device, and doesn't require complicated logic to carry out. An attacker can
turn a compromised device into a mobile infection station. Old-school hackers often miss the good
old days of the early 2000s, when remotely exploitable bugs were abundant, no mitigations were in
place to stop them, and worms and malware ran rampant. But with new research opening previously
unknown attack surface such as the BCM WiFi chip, those times may just be making a comeback.
