Grafvision - Fotolia
A researcher at Google's Project Zero developed an iOS exploit that's similar to the Broadpwn attack revealed at Black Hat 2017. How does this exploit work, and how does it compare to Broadpwn?
The Broadpwn flaw -- CVE-2017-11120 -- was a popular Wi-Fi-centric exploit, or buffer overflow, published in fall 2017 that impacted numerous wireless routers, as well as the Samsung Galaxy S7 Edge phone. This was a buffer overflow flaw that could be exploited to gain remote unauthorized access to vulnerable systems.
The latest iOS-centric flaw impacts the same Broadcom BCM4355C0 Wi-Fi chips affected by Broadpwn, but this flaw can be used to exploit the firmware for remote control and code execution on an iPhone 7. The iOS exploit code is publicly available.
As with many niche security vulnerabilities such as this, there's a caveat: the MAC address of the device being exploited must be known. That's not necessarily a difficult thing to figure out, but it is a hoop that attackers must jump through.
This exploit impacts iOS versions up to 10.3.3. A fix has been released, but, as I have observed, many mobile phone users don't update their software that often, which can exacerbate the risk of flaws like Broadpwn and this new iOS exploit.
Let this be a reminder that no matter how loudly people proclaim that Apple products are secure and impenetrable, they're really not -- as we recently found out with macOS High Sierra.
Whether this iOS Wi-Fi firmware flaw remains a theoretical or impractical attack, or if it ends up being a global vulnerability, this is why mobile devices need to be addressed as part of a larger information security program. It's not enough to simply say 'we're a BYOD shop' and leave it at that.
Similar to how Greek statesmen Pericles once said, "Just because you do not take an interest in politics doesn't mean politics won't take an interest in you," if mobile device security is ignored, then it is bound to have an imminent negative impact on the business.
Ask the expert:
Want to ask Kevin Beaver a question about security? Submit your question now via email. (All questions are anonymous.)