
Broadpwn flaw: How does the new iOS exploit compare?

An iOS exploit similar to the Broadpwn flaw was recently developed by a researcher at Google's Project Zero. Expert Kevin Beaver explains what the exploit is and how it works.

A researcher at Google's Project Zero developed an iOS exploit that's similar to the Broadpwn attack revealed at Black Hat 2017. How does this exploit work, and how does it compare to Broadpwn?

The Broadpwn flaw -- CVE-2017-11120 -- was a popular Wi-Fi-centric buffer overflow exploit, published in fall 2017, that impacted numerous wireless routers, as well as the Samsung Galaxy S7 Edge phone. It could be exploited to gain remote unauthorized access to vulnerable systems.

The latest iOS-centric flaw impacts the same Broadcom BCM4355C0 Wi-Fi chips affected by Broadpwn, but this flaw can be used to exploit the firmware for remote control and code execution on an iPhone 7. The iOS exploit code is publicly available.

As with many niche security vulnerabilities such as this, there's a caveat: the MAC address of the device being exploited must be known. That's not necessarily a difficult thing to figure out, but it is a hoop that attackers must jump through.

This exploit impacts iOS versions up to 10.3.3. A fix has been released, but, as I have observed, many mobile phone users don't update their software that often, which can exacerbate the risk of flaws like Broadpwn and this new iOS exploit.

Let this be a reminder that no matter how loudly people proclaim that Apple products are secure and impenetrable, they're really not -- as we recently found out with macOS High Sierra.

Whether this iOS Wi-Fi firmware flaw remains a theoretical or impractical attack or ends up being a global vulnerability, it shows why mobile devices need to be addressed as part of a larger information security program. It's not enough to simply say 'we're a BYOD shop' and leave it at that.

As Greek statesman Pericles once said, "Just because you do not take an interest in politics doesn't mean politics won't take an interest in you." Likewise, if mobile device security is ignored, then it is bound to have an imminent negative impact on the business.


This was last published in January 2018
