Wi-Fi exploit can repeatedly duplicate itself and infect wireless devices

Despite Apple’s and Google’s best efforts to keep our smartphones safe, new vulnerabilities always crop up. Traditionally, they are exclusive to a device, or maybe several versions of a device’s firmware — and hopefully, they are dealt with swiftly. Unfortunately, a new gap has been discovered that transcends operating systems, delivering malware in a way we have not seen before.

The exploit attacks a phone’s Wi-Fi chip, and because multiple manufacturers source their wireless equipment from the same company, it can be carried out across devices. Broadcom produces the tech used in some of the market’s top devices, like the Galaxy, Nexus, and iPhone brands. Appropriately, the scheme has been named “Broadpwn,” according to The Guardian.

Researcher Nitay Artenstein revealed the flaw at the Black Hat security conference in Las Vegas on Thursday. Fortunately, it has just been patched. If you have updated to the recently released iOS 10.3.3 or Android’s July security fix, your phone is no longer susceptible to the attack.

As for how it works, hackers have been able to take advantage of common flaws found in a number of Broadcom’s chips to write and push code that can directly inhibit a phone’s Wi-Fi capabilities. Through this, they gain full control over the component and can even engineer the malware to self-replicate and move to the next-closest device on its own.

According to Artenstein, the method requires very little intervention on the part of the hacker. Everything can be carried out remotely, without knowledge of the specific device being targeted. It is so discreet, there is no sign to tip the owner off that they have been infected.

It sounds like a doomsday scenario — especially the self-replicating part — though thankfully the exploit only concerns the Wi-Fi chip and cannot be used to gain access to the device at this time.

While the vulnerability has been patched for users of the newest devices receiving the latest security updates, owners of older hardware will regrettably be left out in the cold. Under Google’s current policy for its own products, like the Pixel, system updates are no longer issued two years after release, while security updates wrap up after three. That is standard practice in the Android industry and, unfortunately, the best owners can really hope for. Most manufacturers struggle to get crucial updates out in a timely manner, and some never even get around to it.

Adam Ismail
Former Digital Trends Contributor