The Apple iPhone 7 and Samsung Galaxy S7 edge, and other devices with Broadcom chips detected dangerous vulnerability
The Apple iPhone 7 and Samsung Galaxy S7 edge, and a number of other devices were vulnerable to hackers. The weak point that allows you to remotely hack the device, due to the Broadcom chip that provides support for Wi-Fi. This was reported by one of the experts of Google Project Zero team involved with information security.
According to him, when successfully triggered, the malicious code modifies the firmware, adding the capability to remotely run commands read and write transmitted over Wi-Fi in shell blocks of data.
Tamper successfully tested in iOS 10.2 (14C92). According to the specialist, the described approach should work in all later versions of iOS up to 10.3.3.
Essentially a vulnerability has been discovered close to the Broadpwn vulnerability, which was reported at the Black Hat event in 2017. Google and Apple closed it in the July update of the OS. Organization National Institute of Standards and Technology evaluated the risk of vulnerability of 9.8 points out of 10.
It is known that the vulnerability Broadpwn was typical of more than a billion devices. It is possible that new weakness is common as well. In addition to smartphones, at risk are routers, set-top boxes and other devices that support Wi-Fi.
In the next monthly security update, Google released a patch for this vulnerability (Android Security Bulletin 2017-09-05). As always, it will be some time until Samsung and other Google partners will make it available for their devices.