We of a certain age remember the days before WiFi was widespread. It sucked. Now there's a wireless network on every corner bringing you all the wonders (and horrors) of the internet. They can also bring you something else: hacks. A researcher from Google's Project Zero security team has revealed an exploit for Broadcom WiFi chips that can allow an attacker to execute code on your device's WiFi chip. They just have to be on the same WiFi network as you.
Gal Beniamini from Project Zero developed a method of feeding a device WiFi frames carrying malformed length and field values. The Broadcom firmware copies those values without adequate bounds checks, which overflows a buffer (the bug exploited in the writeup is a heap overflow in the chip's handling of TDLS frames) and provides an opening to run arbitrary code on the chip. The proof of concept doesn't do anything major (and it requires the attacker to know a targeted device's MAC address, since the frames are addressed to it), but Beniamini was able to write a chosen value to a chosen memory address. A write primitive like that is all a properly motivated individual or group needs to turn this into a real attack on a device.
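To make the bug class concrete, here is an added illustration (constructed for this article, not Broadcom firmware code and not Beniamini's exploit). It assumes a hypothetical element of the usual 802.11 shape, one id byte, one length byte, then payload, being copied into a fixed-size buffer that sits directly below a saved return address, as it would on a stack with no stack cookie. The vulnerable parser checks only that the element fits inside the received packet and trusts the attacker-supplied length; the hardened parser also bounds it against the destination. The clamp to `sizeof(frame_t)` in the vulnerable version exists only so the overrun stays inside the struct and can be inspected safely here; real firmware has no such limit.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Constructed illustration of the bug class, not Broadcom firmware code.
 * Element layout (assumption): [id:1][len:1][payload:len], the usual 802.11 IE shape.
 * The attacker controls every byte of the element, including 'len'. */
#define NAME_MAX 16

/* Stand-in for a stack frame: the copy target sits right below a saved return address,
 * with no stack cookie in between (one of the mitigations the firmware lacks). */
typedef struct {
    uint8_t  name[NAME_MAX];
    uint32_t saved_lr;       /* the next thing an overrun smashes */
} frame_t;

enum { PARSE_OK = 0, PARSE_TRUNCATED = -1, PARSE_TOO_LONG = -2 };

/* Vulnerable parser: copies 'len' bytes on the element's own say-so.
 * It checks that the element fits inside the received packet, which parsers
 * usually get right, but never compares 'len' to NAME_MAX.
 * Demo-only: the copy is clamped to sizeof(frame_t) so the overrun stays inside
 * the struct and the clobbered saved_lr can be inspected; real firmware has no such clamp. */
int parse_name_vulnerable(const uint8_t *elem, size_t elem_len, frame_t *fr)
{
    if (elem_len < 2 || (size_t)elem[1] + 2 > elem_len)
        return PARSE_TRUNCATED;
    size_t len = elem[1];
    if (len > sizeof(*fr))
        len = sizeof(*fr);                     /* demo clamp only */
    memcpy((uint8_t *)fr, elem + 2, len);      /* BUG: len may exceed NAME_MAX */
    return PARSE_OK;
}

/* Hardened parser: the same packet-fit check plus a bound against the destination. */
int parse_name_hardened(const uint8_t *elem, size_t elem_len, frame_t *fr)
{
    if (elem_len < 2 || (size_t)elem[1] + 2 > elem_len)
        return PARSE_TRUNCATED;
    size_t len = elem[1];
    if (len > NAME_MAX)
        return PARSE_TOO_LONG;                 /* reject before touching memory */
    memcpy(fr->name, elem + 2, len);
    memset(fr->name + len, 0, NAME_MAX - len);
    return PARSE_OK;
}

/* Builds an element into 'out'; returns its total length, 0 if it does not fit. */
size_t build_elem(uint8_t *out, size_t out_cap, uint8_t id, const uint8_t *payload, size_t plen)
{
    if (plen > 255 || plen + 2 > out_cap)
        return 0;
    out[0] = id;
    out[1] = (uint8_t)plen;
    memcpy(out + 2, payload, plen);
    return plen + 2;
}

/* Attacker's element: NAME_MAX filler bytes followed by a chosen return address. */
static size_t build_oversized_elem(uint8_t *out, size_t out_cap, uint32_t fake_lr)
{
    uint8_t payload[NAME_MAX + sizeof(uint32_t)];
    memset(payload, 'A', NAME_MAX);
    memcpy(payload + NAME_MAX, &fake_lr, sizeof fake_lr);   /* host byte order, same as saved_lr */
    return build_elem(out, out_cap, 0x01, payload, sizeof payload);
}

/* Returns saved_lr after the vulnerable parser handled the oversized element. */
uint32_t demo_vulnerable_smashes_lr(void)
{
    uint8_t elem[64];
    size_t n = build_oversized_elem(elem, sizeof elem, 0xDEADBEEFu);
    frame_t fr;
    memset(&fr, 0, sizeof fr);
    fr.saved_lr = 0x00001000u;                 /* legitimate return address */
    parse_name_vulnerable(elem, n, &fr);
    return fr.saved_lr;                        /* now 0xDEADBEEF: attacker controls the return */
}

/* Returns the hardened parser's verdict on the same element; saved_lr stays intact. */
int demo_hardened_rejects(uint32_t *lr_after)
{
    uint8_t elem[64];
    size_t n = build_oversized_elem(elem, sizeof elem, 0xDEADBEEFu);
    frame_t fr;
    memset(&fr, 0, sizeof fr);
    fr.saved_lr = 0x00001000u;
    int rc = parse_name_hardened(elem, n, &fr);
    if (lr_after)
        *lr_after = fr.saved_lr;
    return rc;
}

int main(void)
{
    uint32_t lr = 0;
    printf("vulnerable: saved_lr = 0x%08x\n", (unsigned)demo_vulnerable_smashes_lr());
    int rc = demo_hardened_rejects(&lr);
    printf("hardened:   rc = %d, saved_lr = 0x%08x\n", rc, (unsigned)lr);
    return 0;
}
```

The point of the two parsers is that both validate the packet, yet only one validates the destination. The vulnerable version is the shape a "fits in the packet" check takes when the author forgets that the receiving buffer is smaller than any length the attacker can claim; a stack cookie would at least detect the smashed return address at function exit, and that is precisely the mitigation the firmware was found not to have.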
According to the exhaustive Project Zero analysis (which you can read in full), the Broadcom firmware is missing some very basic exploit mitigations: stack cookies, safe unlinking of heap chunks, and access permission protection. The chipset does have a memory protection unit, but Beniamini found it configured so that it provides no protection in practice; all memory is effectively readable, writable, and executable, so data an attacker injects can simply be executed. Broadcom says its next generation of chips will actually use the MPU along with additional hardware protections.
This doesn't only affect Android. Apple released a patch for this vulnerability in its most recent iOS update, 10.3.1. On Android, it'll take a while to get devices updated. The fix shipped in the April security patch level, so some Android devices are protected; not very many, though, until OEMs push that patch out.
- Google Project Zero