Another update, another Apple WiFi hack. A security researcher has published proof-of-concept (PoC) code for a vulnerability (CVE-2017-11120) in the iPhone 7 that would allow an attacker remote access to the phone.
Google Project Zero member Gal Beniamini published the code for the Apple WiFi hack after the company released a security update last week. The issue affects all iOS versions except version 11.
All the attacker needs is the iPhone’s MAC address or network-port ID, which is easy to obtain; the vulnerability is therefore considered a serious threat to iPhone users.
Beniamini informed WiFi chip maker Broadcom and privately reported this vulnerability in Google’s Chromium bug-reporting system on August 23.
“The exploit gains code execution on the Wi-Fi firmware on the iPhone 7,” says Gal Beniamini, a member of the Google Project Zero security team.
“Upon successful execution of the exploit, a backdoor is inserted into the firmware, allowing remote read/write commands to be issued to the firmware via crafted action frames, thus allowing easy remote control over the Wi-Fi chip,” Beniamini says.
The Apple WiFi hack works remotely with no user interaction: the device is compromised once it tries to connect to a rogue WiFi network.
Beniamini says the flaw exists on Broadcom chips running firmware version BCM4355C0, which is not only used by iPhones but also used by a large number of other devices, including Android smartphones, the Apple TV and smart TVs.
Google addressed this issue on Nexus and Pixel devices, and in Android more broadly, earlier this month. However, users of other Android devices have to wait for their handset manufacturers to push the updates out to them.
Apple WiFi hack is similar to BROADPWN
The vulnerability is similar to BROADPWN which was discovered earlier in the summer, also affecting Broadcom WiFi chipsets.
Broadpwn works similarly to Beniamini’s bug by allowing the attacker to seamlessly execute code on remote devices.