Broadpwn - iOS and Android patches available, silence about Linux

Current major vulnerability to be aware of.
Unfortunately, currently there is no remedy and no workaround short of disabling or removing the use of the Broadcom hardware altogether. Partly because of Broadcom’s licensing, the world is waiting on Broadcom to create a fix. But, because Apple just announced they are pushing a patch for iOS devices, we can be hopeful that a patch for other platforms may be available sooner than later. Google has also created a patch for Android, but because of licensing and distribution restrictions, it’s unlikely any but devices manufactured by Google itself will ever see the patch. Google says it’s screening apps distributed through its Play Store to block distribution of exploit code.

References
https://nvd.nist.gov/vuln/detail/CVE-2017-9417
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9417
http://cwe.mitre.org/data/definitions/284.html
https://www.blackhat.com/us-17/briefings.html#broadpwn-remotely-compromising-android-and-ios-via-a-bug-in-broadcoms-wi-fi-chipsets
https://source.android.com/security/bulletin/2017-07-01

There is very little published on the Web today, but here is a summary of what I’ve found:

  • First assigned its CVE entry a month ago (early June).
  • Unknown who discovered and published but the Blackhat presentation may be the first reveal.
  • Scope - affects all Broadcom 43xx chips, which is broadly Broadcom’s family of WiFi chips. There have been some posted Q about RPi’s SoC but there is no current indication it’s affected.
  • Although the Blackhat presentation only describes mobile devices as targets, the nature of the vulnerability suggests far greater numbers of potential targets.
  • Since this is a compromise of the chip firmware, it affects all hardware platforms that use Broadcom WiFi chips including Linux, Windows, Android, iOS, and more. Once a compromise has firmware root permissions, exploit code is supposed to then gain similar permissions in the OS.

Because of the paucity of information today, any reference to, and mention of, Linux in this post is my own speculation, and to my knowledge no Linux exploit code exists. But, I am posting this in part as part of the rising chorus asking Broadcom to expedite a fix.

TSU

Interested and will take time to refer. Thanks!

This is such an interesting thread. I am really interested in learning more about the Broadcom patches. Why hasn’t this thread received much engagement? @tsu2 I would love to know more about what you’ve learnt about the exploit codes and the knowledge you gained.