Skip to main content

Disconnect Wi-Fi Autoconnect Bug Could Allow Access To Your Smartphone

By July 24, 2017May 24th, 2021Technology News

A new bug has been discovered that impacts both Android and iOS devices. If you use a smartphone that contains Broadcom Wi-Fi chips, and you probably do, the newly discovered exploit allows an attacker to execute malicious code on your device remotely with no input or action required by you.

The bug was discovered by the security firm Artenstein and reported to Google, but at this point, neither company has released any significant details about the issue. However, Google did release a security patch for it as of July 5.

Other security researchers have reverse-engineered Google’s patch to gain some insight as to exactly how the flaw works, and how it could be used.

It’s being called “Broadpwn,” and appears to be a stack overflow issue in Broadcom Wi-Fi chips. Exploitation can occur when the user’s device receives a WME (Quality of Service) element of malformed length from a network it’s connected to.

All you’d have to do to fall victim to this is walk into range of the attacker’s Wi-Fi network.

Given this, your best defense is to only connect to trusted networks and turn the autoconnect feature off of your phone, lest you risk giving a hacker unfettered control over your device.

Although it’s been patched, at least on the Android side, not everyone sets their devices up to automatically receive security updates. If yours is not set to do so, then take a few minutes to download this one.

This bug also underscores the importance of a growing problem. With Wi-Fi networks being so numerous and readily available these days, many, if not most people casually connect to any network in range without thinking or worrying about the potential downside. If you’re serious about data security, that practice needs to stop.

Chris Forte

Chris Forte

Chris Forte, President and CEO of Olmec Systems, has been in the MSP workspace for the past 25 years. Chris earned his Master’s Degree from West Virginia University, graduating Magna Cum Laude. He was a past member of the Entrepreneurs’ Organization, a current member of the New Jersey Power Partners and Executive Association of New Jersey, where he has previously served on its board of directors. In his spare time, Chris enjoys traveling with his family. He also admits to being a struggling golfer and avid watcher of college football and basketball. He currently lives in Boonton Township, NJ with his wife, two daughters, son, and black lab Luna.

Leave a Reply