Cyber security researchers found a vulnerability in Broadcom’s widely used Wi-Fi chipsets. The vulnerability, could let hackers take over user phones remotely through Wi-Fi and crash it. The hacker would just need to be in user phone’s Wi-Fi range to send the attack through the airwaves. User wouldn’t even need to connect Wi-Fi to get hit, just as long as your Wi-Fi on.
The user doesn’t need to actively connect to a specific network. While, patches for the flaw reached many phones, a lot more out there especially older ones remain vulnerable.
Wi-Fi has become a popular attack vector as hackers look to break into devices through any opening you give them. Even if a phone’s operating system heavily secured, third-party hardware can leave security flaws for attackers to exploit, putting scrutiny on every aspect of the phone. The vulnerabilities lie in Broadcom’s BCM43 series, including the BCM4354, BCM4358 and BCM4359 Wi-Fi chipsets.
Broadcom did not respond to a request for comments. Its Wi-Fi chipsets are extremely popular, with millions of Android and iOS devices using the technology to get online. Companies like Google, Samsung, HTC and LG all have hardware that rely on Broadcom’s chips.
After Artenstein reached out to Google about the vulnerability, known as Broadpwn, the company released an update for Android on July 5 to patch Broadcom’s security flaws. Google called Broadpwn a “critical” security issue, pointing out that the “most severe vulnerability” allowed dangerous attacks.
Broadcom’s security issues have affected iOS and Android owners in the past, after a security flaw revealed in April allowed attackers to run code on its Wi-Fi chip. It affected Apple devices from the iPhone 5 to the iPhone 7, which also uses Broadcom’s chips.
While Broadcom’s chipsets popular across devices, and the flaw patched the majority of affected phones. If you’re really concerned about the attack, you can simply turn off your phone’s Wi-Fi.