The Broadpwn hack has the potential to hack yours or anyone smartphone. Thats right, 1 billion smartphones are about to be affected unless their owners update. Read to see if you need to!
How many people use smartphones? Maybe a better question would be, how many of you are reading this article from your phone? Statistics say that more than 50% of internet usage comes from smartphones. Which means that wireless internet connection is pretty important to our society. What happens when every single smartphone gets hacked?
As crazy as it sounds, it’s true, and it just happened. Hopefully, you just updated to iOS 11.2, because for the 1 billion smartphones this hack could affect, yours is probably one of them. It’s being called Broadpwn, and being hailed as the first WiFi worm.
How does it work?
Broadpwn works by taking advantage of a vulnerability in the Broadcom chip that is utilized in every iPhone and most modern Android devices. As you know, a phone searches for familiar WiFi networks before connecting to one. The hack comes into play during this initial handshake process. A bug known as “heap overflow” is the culprit. This means that a piece of data wasn’t properly constricted, and allowed malforming to occur, which left opportunity for corruption in the module’s memory and overflowing into other parts of the memory to run as commands.
“You malform it in a special way that gives you the power to write anywhere in memory,” Nitay Artenstein, a security researcher who discovered Broadpwn, explains. That sort of overflow is vastly harder to exploit when a hacker is remotely attacking randomized, protected memory of modern operating systems, but worked perfectly in the memory of Broadcom’s Wi-Fi module on smartphones. “It’s a pretty special bug.”
In other words, someone who knows what they’re doing could easily hack your phone as you as you’re in WiFi range. They could steal personal information from you, including contact info, and even payment information. What’s worse, they could use your phone as a rogue access point that could spread the hack, infecting nearby phones. It could spread like wildfire if introduced.
Am I safe?
Luckily, Google and Apple both released security patches for the bug earlier this month. If you updated your phone recently, you should be good. Updating is the key to staying safe in a world where constant changes in technology mean constant changes in cyber security. If you’re not up to date in what’s going on in the world, you’re going to get hacked, or lose data, or lose your business.
Artenstein told Wired Magazine about the way hackers search for exploits. SPOILER ALERT: it’s a method that is going to surprise you.
“We’re witnessing a process in which mainstream systems like the application processors running iOS or Android have become so hardened by undergoing intense security research that security researchers are starting to look into other directions,” says Artenstein, who presented his findings at the Black Hat security conference and in a subsequent WIRED interview. “They’re starting to look for that breach in the wall where exploitation still isn’t that difficult.” As hackers search for increasingly rare attacks that don’t require any interaction from users, like opening a malicious page in a browser or clicking a link in a text message, they’ll focus on third-party hardware components like Broadcom’s chips.”
Stay safe, and update your smartphone OS and all your apps. It’s the only way to prevent dangerous hacks like Broadpwn.