Last week researcher Nitay Artenstein of Exodus Intelligence published a proof of concept for a self-replicating worm that could spread autonomously between mobile devices, needing only the device’s WiFi network address to infect the device.
If infected, the device’s WiFi chip would be completely under the attacker’s control, allowing them to propagate the malware to other devices on the network. They might also use this foothold to attempt to exploit another vulnerability and gain full access to the device’s main OS and data.
Phones vulnerable to WiFi breach
This proof of concept takes advantage of a vulnerability (known as CVE-2017-9417) in the popular Broadcom WiFi chips that are included in a wide variety of Android and iOS phones, including:
- Samsung Galaxy from S3 through S8, inclusive
- All Samsung Notes3. Nexus 5, 6, 6X and 6P
- All iPhones after iPhone 5
The Exodus Intelligence researchers monitored WiFi network traffic in an urban area to get a sense for the number of vulnerable phones. During this time, they found that approximately 70 percent of the phones detected were running Broadcom WiFi chips, which could be vulnerable.
The good news is that Android and iOS have published security updates which protect against this vulnerability. iOS addressed this vulnerability in their 10.3.3 release on July 19th. Android also patched this vulnerability in their July 5 security update.
However, just because these patches have been released doesn’t necessarily mean that they’re protecting your device. At the time of writing this, the author’s Galaxy S7 was running the previous security patch and was vulnerable to infection. This is another reminder of how important it is to be diligent about keeping devices updated, especially mobile phones.
Check your phone for vulnerability
How to check whether your iOS device is potentially vulnerable:
- Go to Settings > General > About
- If your iOS version is 10.3.3 or greater, you have Apple’s fix for this vulnerability. If not, then it’s time to update.
How to check whether your Android device is potentially vulnerable:
- Go to Settings > About Phone > Android Security Patch Level
- If the Security Patch Level is July 5th, 2017, or later, then you are protected. If not, it’s time to update.
iOS devices should have the latest update available. Android devices are more complicated, as there are a much wider variety of vendors and models. Though Android has released a patch, it doesn’t mean that patch has made it to all vendor-specific versions of Android OS. Users should be diligent about updating Android devices, and careful about WiFi networks until the July 5 update is installed.
This vulnerability, and its possibility for viral exploitation, highlights prevailing security wisdom: always keep your devices updated; and always be careful when connecting to an unknown or public WiFi network. You never know who might be on the network with you.
Shawn Morrison is an application architect for AppRiver.
ARE YOU CONNECTED?