I am constantly amazed by the amount of security flaws found in, well, not just Android, but all software. A new flaw has been found by Google’s Project Zero team which allows an attacker to take over a device without any interaction from the victim.

The bug, which also affected iOS but has already been patched, is associated with the Wi-Fi Broadcom chipset used in iOS and Android devices. It allows the execution of any malicious code “by Wi-Fi proximity alone, requiring no user interaction.” The flaw allows someone who is on the same Wi-Fi access point to execute code on other devices.

Project Zero researcher Gal Beniamini said that the “lack of security protections built into many software and hardware platforms made the Broadcom chipset a prime target.” Because the firmware running on the Wi-Fi SoC is so complex, its security has lagged behind: it lacks many basic protections, which makes it a prime target for exploitation.

This current flaw, which doesn’t have a cool name just yet, has been patched in the newer versions of the Broadcom chipset, but for now we will have to rely on the Android manufacturers to fix this vulnerability in their security updates. Hopefully we will see this bundled into the May security patch, which seems a long way away given the severity of this vulnerability — and remember the Google security patches are for Pixels and Nexus devices only.

At this stage there is no workaround for vulnerable devices, especially since it has been shown recently that, even when Wi-Fi is turned off, Android devices often still transmit Wi-Fi frames, which leaves them exposed to this vulnerability. How long your device remains vulnerable depends on the device’s manufacturer issuing security patches. Some are better than others, but it is certainly something you should take into account when considering your next device purchase if security is important to you.

Until then the best advice would be to avoid unknown Wi-Fi networks and be careful if you are using a public Wi-Fi access point. Hopefully Google releases the patch in the next security update with other manufacturers to follow soon after.

Source: ArsTechnica.
5 Comments
Stuart Gardoll

“and remember the Google security patches are for Pixels and Nexus devices only.”

Not true, and Sony have been particularly good at keeping their devices updated with the monthly patches, only a month or so behind which is a damn lot better than most other manufacturers. My Xperia Z5 has the March security patch.

AdamM

Your security patch was issued by Sony though, not direct from Google, hence the article is correct. As you say, Sony has been pretty good at rolling out the security updates in a very timely manner. Not many other manufacturers achieve that, or even try.

Grah

Ausdroid’s advice is insufficient. As per the source Ars article – this is a bug in the Wi-Fi SoC firmware and all that is needed is for the Wi-Fi to be searching for networks. Avoiding connecting to unknown networks doesn’t help. Unless the phone’s Wi-Fi is properly, completely off then the bug can be exploited. Additional Android bugs get this out of the Wi-Fi firmware and into the core OS. April security patches fixing it is all very well – but this SoC / firmware is in quite a few phones, some of which aren’t getting security updates anymore –…

Dalbo

This is already fixed in the April security patches.

Wayno

4G data is cheap enough now that it is easy to avoid unknown / untrusted wifi anyway.