A Firmware Flaw in Smartphones, Tablets, and a Car (also, telecom transparency)

Sending your smartphone to sleep with the fishes is evidently not enough — here’s a vulnerability that affects both phones and tablets, no matter what the OS. A low-level chipset used by older HTCs, iPhone/iPads, Samsungs, and the Ford Edge (just to name a few) is vulnerable to a remote DoS attack. It might also be possible to get information out of the phone along the same route, but the researchers haven’t researched that far yet.

This is why diversity is a core component of good security… everyone using the same chipset means that one flaw can take down a lot of different devices. And everyone using the same chipset means there’s a lot more incentive to go after that one chipset.

On a different note, maybe you politically inclined types ought to start lobbying for something like this in your jurisdiction(s) of choice — Canadian telecoms have been ordered to tell people what their real costs are:
http://blogs.montrealgazette.com/2012/10/26/crtc-orders-telecom-companies-to-open-their-books/

http://www.coresecurity.com/content/broadcom-input-validation-BCM4325-BCM4329
https://threatpost.com/en_us/blogs/patch-available-broadcom-mobile-device-firmware-dos-vulnerability-102612

“Older versions of Broadcom firmware found in a number of mobile devices from major vendors including the Apple iPhone, iPad, Samsung Galaxy S and HTC Droid Incredible are vulnerable to a denial of service attack.

Researchers Andres Blanco and Matias Eissler of Core Security Technologies reported the vulnerability in August, and this week published details on proof-of-concept exploit code.

Broadcom has issued a firmware update and said customers are deploying the patch on a case by case basis. Most of the vulnerable mobile devices are no longer supported.

The vulnerability is an out-of-bounds read-error condition, Core and US-CERT said in an advisory. It exists in Broadcom BCM4325 and BCM4329 combo solutions firmware. Information disclosure is also possible, Core said. Broadcom said other chips are not affected.

“An attacker can send a RSN (802.11i) information element, which causes the Wi-Fi [network interface card] to stop responding,” the advisory said.

The Broadcom BCM4325 chipset is found in the iPhone 3GS, iPod 2G, HTC Droid Incredible, HTC Touch Pro 2 and the Ford Edge automobile. The BCM4329 is in the iPhone 4, iPod 3G, iPad 3G and Wi-Fi, Motorola Droid X2, Xoom and Atrix, the Samsung Galaxy Tab, Galaxy S 4G and Nexus S, among other devices.

Broadcom said an attacker would require “significant technical expertise” to execute the attack and cause the chips to experience a service interruption.”
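The advisory quoted above describes an out-of-bounds read reached through an RSN (802.11i) information element but does not say which field the firmware mishandles. As an added illustration (not Broadcom's firmware code and not Core's proof of concept), this is a parser for the RSN element's header and suite lists in which every length and count taken from the frame is checked against the bytes actually received. The function names, the `RSN_MAX_SUITES` cap and the sample byte arrays are assumptions made for this example.

```c
#include <stddef.h>
#include <stdint.h>

#define RSN_EID        48   /* RSN element ID in IEEE 802.11 */
#define RSN_MAX_SUITES 16   /* assumed sanity cap, chosen for this example */
struct rsn_info { uint16_t pairwise_count, akm_count; };
/* Constructed samples: a WPA2-PSK/CCMP element, and one claiming 0xffff suites. */
static const uint8_t rsn_good[] = { 0x30, 0x14, 0x01, 0x00, 0x00, 0x0f, 0xac, 0x04,
    0x01, 0x00, 0x00, 0x0f, 0xac, 0x04, 0x01, 0x00, 0x00, 0x0f, 0xac, 0x02, 0x00, 0x00 };
static const uint8_t rsn_bad[] = { 0x30, 0x08, 0x01, 0x00, 0x00, 0x0f, 0xac, 0x04, 0xff, 0xff };

/* Read a little-endian suite count, then step over `count` 4-byte selectors. */
static int get_suites(const uint8_t *b, size_t end, size_t *off, uint16_t *count)
{
    if (end - *off < 2) return -1;
    *count = (uint16_t)(b[*off] | (b[*off + 1] << 8));
    *off += 2;
    if (*count > RSN_MAX_SUITES || (end - *off) / 4 < *count) return -1;
    *off += (size_t)*count * 4;
    return 0;
}

/* Returns 0 if well formed, -1 if not. `avail` = bytes received from the element header on. */
int rsn_parse(const uint8_t *ie, size_t avail, struct rsn_info *r)
{
    size_t off = 4, end;
    *r = (struct rsn_info){0};
    if (avail < 2 || ie[0] != RSN_EID) return -1;
    end = (size_t)ie[1] + 2;
    if (end > avail) return -1;                 /* length field overruns the frame */
    if (end < 4 || ie[2] != 1 || ie[3] != 0) return -1;  /* version must be 1 */
    if (off == end) return 0;                   /* fields after version are optional */
    if (end - off < 4) return -1;
    off += 4;                                   /* group cipher suite selector */
    if (off == end) return 0;
    if (get_suites(ie, end, &off, &r->pairwise_count)) return -1;
    if (off == end) return 0;
    return get_suites(ie, end, &off, &r->akm_count);
}

int main(void)
{
    struct rsn_info r;
    return rsn_parse(rsn_good, sizeof rsn_good, &r) || !rsn_parse(rsn_bad, sizeof rsn_bad, &r);
}
```

The cursor never passes `end`, so each `end - off` subtraction is safe, and the count is compared by division rather than multiplication so an attacker-chosen count cannot wrap the check.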
