Earlier this week, an InfoSec researcher discovered a vulnerability found within Wi-Fi forms used by a wide range of smartphones, including Samsung Galaxy, iPhone and Google Nexus.
This vulnerability was called Broadpwn and works by exploiting a number of defects in Broadcom’s Wi-Fi chips.
The good news is that this vulnerability has already been solved with July’s Android security patch and iOS for version 10.3.3 for iPhone.
To make it very interesting Broadpwn is an uncommon feature: it is capable of infecting a device without the need for the user to do some specific operation, the hacker does not need information about the device to attack and the vulnerability can be exploited without sending in Crash the system.
Obviously at the Black Hat conference a practical demonstration of Broadpwn‘s operation was provided: the researcher created an auto-replicating worm with which he infected a Samsung Galaxy which in turn infected another smartphone.
Fortunately, Broadpwn can not pass from the Wi-Fi chip to the device and it is for this reason that users are encouraged to update their smartphones as soon as possible.