Update your phone’s operating system - it possibly has a malware vulnerability

News
By
published

Affecting iPhones, Samsung Galaxy and Google Nexus handsets

It’s worth updating your phone’s operating system as soon as you can. Many top-of-the-line handsets have been found to have a vulnerability that potentially leaves them exposed to a malware attack. 

The vulnerability (dubbed Broadpwn) affects the Wi-Fi chips on iPhones, Samsung Galaxy and Google Nexus devices. The name comes from the manufacturer of these chips, Broadcom.

The vulnerability was discovered by Nitay Artenstein, a researcher presenting at the Black Hat information security conference in Las Vegas. 

It has now been patched, but you need to make sure that you are on iOS 10.3.3 if you’re an iPhone user, or have the July security update for Android to ensure the fix is on your device.

What is remarkable about this exploit is that that it is truly remote, meaning that it requires no action from the victim, the attacker doesn’t need to know anything about the device they are targeting, and the system can be taken over without crashing. 

Spreading like wildfire, but it has limitations

An attacker can write programs directly onto the chipset, and as it's the Wi-Fi chip the program can easily spread between devices, with the only criteria being that the devices are physically near each other. 

Artenstein provided a proof of concept on stage at the event by infecting a Samsung Galaxy device with his “worm” and then leaving it alone to infect another nearby Samsung phone with no further input from him, or any action required on the second handset. 

The implications of this are fairly obvious, as an exploit of this kind could spread from handset to handset like a real virus.

The good news is that even without the patch, the exploit still has its limitations. It can only affect the Wi-Fi chip, and not the entire handset, meaning it could stop your Wi-Fi working but that’s about it. There would need to be a second vulnerability for it to infect more of the phone. 

Artenstein’s proof of concept does add one extra insult to injury; any infected phone broadcasts the message “I’m pwned”, but only on wavelengths that those in the know will be able to hear. 

Source The Guardian

See more News about Phones
TOPICS
Andrew London
Andrew London

Andrew London is a writer at Velocity Partners. Prior to Velocity Partners, he was a staff writer at Future plc.

Latest in Phones
Apple iPhone 16 Review
Three iPhone 17 model dummy units appear in a hands-on video leak
The Samsung Galaxy S25 Edge on display the January 22, 2025 Galaxy Unpacked event.
New Samsung Galaxy S25 Edge may have revealed some key details – including its price
Samsung Galaxy S25 Ultra HANDS ON
‘I don't see a space where the S Pen is not a key part of our portfolio’: Samsung executive defends the S Pen amid cancellation rumors
Google Pixel 9
There's something strange going on with Google Pixel phone vibrations after the latest update
Android 16 logo on a phone
Android 16 beta users are reporting major battery drain issues – but I’m not too worried about it
The Samsung Galaxy S24 Ultra with S Pen drawn, demonstrating Circle to Search
Samsung says ‘millions’ are using Galaxy AI regularly, despite surprising survey results
Latest in News
Apple iPhone 16 Review
Three iPhone 17 model dummy units appear in a hands-on video leak
The Samsung Galaxy S25 Edge on display the January 22, 2025 Galaxy Unpacked event.
New Samsung Galaxy S25 Edge may have revealed some key details – including its price
Quordle on a smartphone held in a hand
Quordle hints and answers for Sunday, March 9 (game #1140)
NYT Strands homescreen on a mobile phone screen, on a light blue background
NYT Strands hints and answers for Sunday, March 9 (game #371)
NYT Connections homescreen on a phone, on a purple background
NYT Connections hints and answers for Sunday, March 9 (game #637)
WhatsApp
WhatsApp just made its AI impossible to avoid – but at least you can turn it off
More about phones
Apple iPhone 16 Review

Three iPhone 17 model dummy units appear in a hands-on video leak
Samsung Galaxy S25 Ultra HANDS ON

‘I don't see a space where the S Pen is not a key part of our portfolio’: Samsung executive defends the S Pen amid cancellation rumors
Disney Imagineering BDX Droids at Disneyland Galaxy's Edge

The adorable BDX Droids are coming to more Disney Parks around the world, including Disney World
See more latest
Most Popular
Disney Imagineering BDX Droids at Disneyland Galaxy's Edge
The adorable BDX Droids are coming to more Disney Parks around the world, including Disney World
Orange servers and networks
Alibaba doubles down on RISC-V architecture with a new secretive 'server-grade' chip that will put AMD and Intel on alert
Apple iPhone 16 Review
Three iPhone 17 model dummy units appear in a hands-on video leak
Samsung Galaxy S25 Ultra HANDS ON
‘I don't see a space where the S Pen is not a key part of our portfolio’: Samsung executive defends the S Pen amid cancellation rumors
NYT Strands homescreen on a mobile phone screen, on a light blue background
NYT Strands hints and answers for Sunday, March 9 (game #371)
Quordle on a smartphone held in a hand
Quordle hints and answers for Sunday, March 9 (game #1140)
NYT Connections homescreen on a phone, on a purple background
NYT Connections hints and answers for Sunday, March 9 (game #637)
Cunard Photo Book
Billions of cherished photos at risk; only a third of Americans back up their precious pics to the cloud
Getac B360 and B360 Pro rugged laptop
This extraordinary rugged laptop can take up to three batteries and three SSDs and even comes with an Nvidia GPU
The Samsung Galaxy S25 Edge on display the January 22, 2025 Galaxy Unpacked event.
New Samsung Galaxy S25 Edge may have revealed some key details – including its price