Friday, 28 April 2017 17:38

Security researcher unearths serious iOS and Android Wi-Fi exploit

By: 

Security researcher Gal Beniamini — who works for Google’s Project Zero — recently unearthed a serious vulnerability affecting the Wi-Fi chipsets used in both iOS and Android devices. Detailing the proof-of-concept attack at length, Beniamini explains in an interesting blogpost how an attacker within range on a shared Wi-Fi network could potentially execute arbitrary code on a targeted device.

By chaining together a pair of exploits, Beniamini managed to demonstrate a “full device takeover by Wi-Fi proximity alone, requiring no user interaction.” The attack was deemed to be serious enough that Apple wasted no time in patching up the vulnerability, having released iOS 10.3.1 earlier in the week.

Apple’s release note for the iOS update reads:

Impact: An attacker within range may be able to execute arbitrary code on the Wi-Fi chipDescription: A stack buffer overflow was addressed through improved input validation.

Google, meanwhile, is obviously aware of the vulnerability but a security patch for Android devices isn’t yet widely available. As ArsTechnica notes, “the fix is available only to a select number of device models, and even then it can take two weeks or more to be available as an over-the-air update to those who are eligible.”

There haven’t been any reports of a device, iOS or Android, being compromised but you’ll want to upgrade your mobile OS as soon you can. As a final point of interest, the vulnerability impacts all iPhones models since the iPhone 4s, a number of Nexus smartphones and most of Samsung’s Galaxy lineup.

Source : bgr.com By Yoni Heisler

Leave a comment

Get Exclusive Research Tips in Your Inbox

Receive Great tips via email, enter your email to Subscribe.
Please wait

airs logo

Association of Internet Research Specialists is the world's leading community for the Internet Research Specialist and provide a Unified Platform that delivers, Education, Training and Certification for Online Research.

Newsletter Subscription

Receive Great tips via email, enter your email to Subscribe.
Please wait

Follow Us on Social Media

Book Your Seat for Webinar GET FREE REGISTRATION FOR MEMBERS ONLY      Register Now