Project Zero uncovers a nasty Wi-Fi chip exploit

Google’s Project Zero has been on a roll lately, unveiling sophisticated bugs in Cloudflare, LastPass and now Broadcom, a Wi-Fi chip supplier whose product is found in iPhones, Nexuses and Samsung devices.

Apple patched the bug in a security update yesterday (10.3.1 — and if you’re an Apple customer, you should install this update right away) and Project Zero researcher Gal Beniamini explained the exploit in detail in a blog post today.

By chaining together a series of exploits on the Broadcom chip, Beniamini was able to demonstrate a “full device takeover by Wi-Fi proximity alone, requiring no user interaction.” This means an attacker on a shared Wi-Fi network could quietly compromise your device without ever tipping you off.

Beniamini demonstrated his research on a Nexus 6P, which might account for the equivocating “may be able” in Apple’s security update. Broadcom’s chips are widely used in the mobile phone industry, so the issue extends beyond Apple into other manufacturers, as well.

“Broadcom has been incredibly responsive and helpful, both in fixing the vulnerabilities and making the fixes available to affected vendors. For a complete timeline, see the bug tracker entries,” Beniamini wrote.

Expect more disclosures from Beniamini — the researcher promised to divulge more about the vulnerability soon.