I am constantly amazed by the number of security flaws found in, well, not just Android, but all software. A new flaw has been found by Google’s Project Zero team which allows an attacker to take over a device without any interaction from the victim.
The bug, which also affected iOS but has already been patched there, is in the Broadcom Wi-Fi chipset used in iOS and Android devices. It allows the execution of any malicious code “by Wi-Fi proximity alone, requiring no user interaction.” The flaw allows someone who is on the same Wi-Fi access point to execute code on other devices.
Project Zero researcher Gal Beniamini said that the “lack of security protections built into many software and hardware platforms made the Broadcom chipset a prime target.” Because the firmware implementation of the Wi-Fi SoC is so complex, it lags behind with respect to security. It lacks a lot of basic security provisions, which makes it a prime target for exploitation.
This current flaw, which doesn’t have a cool name just yet, has been patched in the newer versions of the Broadcom chipset, but for now we will have to rely on the Android manufacturers to fix this vulnerability in their security updates. Hopefully we will see this bundled into the May security patch, which seems a long way away given the severity of this vulnerability. And remember, the Google security patches are for Pixel and Nexus devices only.
At this stage there is no workaround for vulnerable devices, especially as it has been shown recently that even when Wi-Fi is turned off, Android devices often still relay Wi-Fi frames, which allows someone to exploit this vulnerability. How long your device is vulnerable depends on the device’s manufacturer issuing security patches. Some are better than others, but it is certainly something you should take into account when considering your next device purchase if security is important to you.
Until then, the best advice would be to avoid unknown Wi-Fi networks and be careful if you are using a public Wi-Fi access point. Hopefully Google releases the patch in the next security update, with other manufacturers to follow soon after.