https://arstechnica.com/security/2017/04/wide-range-of-android-phones-vulnerable-to-device-hijacks-over-wi-fi/
A broad array of Android phones are vulnerable to attacks that
use booby-trapped Wi-Fi signals to achieve full device takeover, a
researcher has demonstrated.
The vulnerability resides in a widely used Wi-Fi chipset manufactured
by Broadcom and used in both iOS and Android devices. Apple patched the
vulnerability with Monday’s release of iOS 10.3.1. “An attacker within
range may be able to execute arbitrary code on the Wi-Fi chip,” Apple’s
accompanying advisory warned. In a highly detailed blog post published
Tuesday, the Google Project Zero researcher who discovered the flaw said
it allowed the execution of malicious code on a fully updated 6P “by
Wi-Fi proximity alone, requiring no user interaction.”
Google is in the process of releasing an update in its April
security bulletin. The fix is available only to a select number of
device models, and even then it can take two weeks or more to be
available as an over-the-air update to those who are eligible. Company
representatives didn’t respond to an e-mail seeking comment for this
post.
No comments:
Post a Comment