« | Home | Recent Comments | Categories | »

Many Phones Vulnerable to Attacks Over Malicious Wi-Fi Networks

Posted on April 7th, 2017 at 14:51 by John Sinteur in category: News

[Quote:]

The vulnerability resides in a widely used Wi-Fi chipset manufactured by Broadcom and used in both iOS and Android devices. Apple patched the vulnerability with Monday’s release of iOS 10.3.1. “An attacker within range may be able to execute arbitrary code on the Wi-Fi chip,” Apple’s accompanying advisory warned. In a highly detailed blog post published Tuesday, the Google Project Zero researcher who discovered the flaw said it allowed the execution of malicious code on a fully updated 6P “by Wi-Fi proximity alone, requiring no user interaction.”

Google is in the process of releasing an update in its April security bulletin. The fix is available only to a select number of device models, and even then it can take two weeks or more to be available as an over-the-air update to those who are eligible. Company representatives didn’t respond to an e-mail seeking comment for this post.

The proof-of-concept exploit developed by Project Zero researcher Gal Beniamini uses Wi-Fi frames that contain irregular values. The values, in turn, cause the firmware running on Broadcom’s wireless system-on-chip to overflow its stack. By using the frames to target timers responsible for carrying out regularly occurring events such as performing scans for adjacent networks, Beniamini managed to overwrite specific regions of device memory with arbitrary shellcode. Beniamini’s code does nothing more than write a benign value to a specific memory address. Attackers could obviously exploit the same series of flaws to surreptitiously execute malicious code on vulnerable devices within range of a rogue access point.


Write a comment

Comments:

  1. Thanks. Didn’t know this till I read here. Apple requires wifi to update.

  2. No, you can use iTunes as well.

  3. Traveling now though. Have to wait till networked up. Thanks.

Hexing the technical interview

Posted on April 7th, 2017 at 14:31 by John Sinteur in category: News

[Quote:]

“So, erm… Perhaps you could tell me a bit about your background?”

He hasn’t read your resume. No man can.

“In the winter,” you begin, “above the ice-locked fjørds, lies a creek, ash-white with the ghosts of glaciers–”

“You know what?” He interrupts. It was a beautiful story, but perhaps you can tell it later. “How about we do a little programming together? Just a basic exercise so I can get a sense of how you think.”

“That sounds nice, Tim.”


Write a comment

Planet Earth : Bin Chicken

Posted on April 7th, 2017 at 14:19 by John Sinteur in category: News


Write a comment

Comments:

  1. The rest of the world will surge ahead with alt energy. We must keep USA moving towards increased development . A stop now would be a failure of the industries. .