Raspberry Pi Now Has Fix to BroadPwn WiFi Vulnerability
Raspberry Pi computers and Android and Apple smartphones now all have patches available to protect those devices from a drive-by WiFi attack. Security researchers demonstrated last month at the Black Hat cybersecurity conference in Las Vegas how they could exploit vulnerabilities in the WiFi association process to attack smartphones automatically when within WiFi range, even if the devices were not on the same network. The proof of concept worked and quickly spread to all nearby devices that had the vulnerable WiFi chip turned on. This vulnerability is now known by many malicious actors and is presently being exploited to attack unpatched systems. The attack vector creates an opportunity for rogue attackers to quickly take over urban environments, where many WiFi-enabled devices form a solid mesh of communications linking all WiFi-enabled homes, traffic computers and utility lighting control systems.
Initial reports claimed that more than 1 billion devices are impacted. Vulnerable devices, we now know, include computers, routers and pretty much any device with WiFi turned on that lacks appropriate buffer overflow protection measures. The vulnerability appears to be related more to the association process protocol within the 802.11 WiFi standard and to poor hardware security that fails to use strong encryption algorithms to protect the hardware firmware update process.
More on the Association Process as part of the 802.11 Protocol
When a WiFi device beacons out to announce itself to other nearby devices, it does so first without any authentication (username / password) requirement and emits that data in plain text. Hackers can spoof the MAC address of your router, even without your WiFi username and password, then send malicious plaintext packets impersonating your router, and can cause a buffer overflow condition that leads to remote code execution on the targeted device with the highest supervisory level of privileges possible. Once those events take place, the device can become permanently compromised by writing custom persistent firmware to it. This can lead to root takeover of the vulnerable devices. I elaborate on this in much greater technical detail on my blog at https://leeneubecker.com/turn-off-wifi-now-to-protect-your-networks-from-attack/
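As an added example that is not part of the original post: the "buffer overflow protection measures" referred to above come down, in firmware that parses beacons and association frames, to checking every length field the untrusted peer supplies before copying anything. 802.11 management frames carry a list of tagged information elements (IEs), each a one-byte ID, a one-byte length and that many bytes of data. The C sketch below walks such a list and refuses any IE whose claimed length runs past the end of the frame, or any SSID longer than the 32-byte maximum the standard allows, so a fixed-size destination buffer can never be overrun. The frame bytes, constants and function names are constructed for this demonstration and are not taken from any real chip's firmware.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define IE_SSID   0      /* element ID of the SSID IE (802.11 tagged parameter) */
#define SSID_MAX  32     /* 802.11 caps an SSID at 32 octets */
#define MAX_IES   16     /* constructed limit for this demo */

/* Parsed view of one IE; data points into the frame buffer, nothing is copied. */
typedef struct {
    uint8_t id;
    uint8_t len;
    const uint8_t *data;
} ie_t;

enum {
    PARSE_TRUNCATED_IE   = -1,  /* claimed length exceeds the bytes actually received */
    PARSE_SSID_TOO_LONG  = -2,  /* SSID IE larger than the 32-byte destination */
    PARSE_TOO_MANY_IES   = -3   /* more IEs than the caller's output array holds */
};

/* Walk the IE list in body[0..body_len). Returns the number of IEs parsed
 * (>= 0) or a negative PARSE_* code. Every length is validated against the
 * remaining frame bytes *before* it is trusted; this is the check whose
 * absence lets a forged plaintext frame overflow a fixed firmware buffer. */
int parse_ies(const uint8_t *body, size_t body_len, ie_t *out, size_t max_out)
{
    size_t off = 0;
    int n = 0;
    while (off < body_len) {
        if (body_len - off < 2)                 /* ID + length header must fit */
            return PARSE_TRUNCATED_IE;
        uint8_t id  = body[off];
        uint8_t len = body[off + 1];
        if (len > body_len - off - 2)           /* payload must fit in what we received */
            return PARSE_TRUNCATED_IE;
        if (id == IE_SSID && len > SSID_MAX)    /* payload must fit the destination */
            return PARSE_SSID_TOO_LONG;
        if ((size_t)n >= max_out)
            return PARSE_TOO_MANY_IES;
        out[n].id = id;
        out[n].len = len;
        out[n].data = body + off + 2;
        n++;
        off += 2 + (size_t)len;
    }
    return n;
}

/* Copy the SSID into a fixed 33-byte buffer. Safe only because parse_ies has
 * already rejected any SSID longer than SSID_MAX. Returns 1 if found, else 0. */
int copy_ssid(const ie_t *ies, int n, char ssid_out[SSID_MAX + 1])
{
    for (int i = 0; i < n; i++) {
        if (ies[i].id == IE_SSID) {
            memcpy(ssid_out, ies[i].data, ies[i].len);
            ssid_out[ies[i].len] = '\0';
            return 1;
        }
    }
    return 0;
}

/* Constructed frame body: SSID "Home", Supported Rates (1 & 2 Mbit/s), DS channel 6. */
int demo_well_formed(void)
{
    static const uint8_t body[] = { 0x00, 4, 'H', 'o', 'm', 'e',
                                    0x01, 2, 0x82, 0x84,
                                    0x03, 1, 6 };
    ie_t ies[MAX_IES];
    return parse_ies(body, sizeof body, ies, MAX_IES);   /* 3 */
}

/* Constructed frame body: SSID IE claims 40 bytes but only 4 follow. */
int demo_truncated(void)
{
    static const uint8_t body[] = { 0x00, 40, 'H', 'o', 'm', 'e' };
    ie_t ies[MAX_IES];
    return parse_ies(body, sizeof body, ies, MAX_IES);   /* PARSE_TRUNCATED_IE */
}

/* Constructed frame body: a fully present 36-byte SSID, too big for a 32-byte buffer. */
int demo_long_ssid(void)
{
    uint8_t body[2 + 36];
    body[0] = IE_SSID;
    body[1] = 36;
    memset(body + 2, 'A', 36);
    ie_t ies[MAX_IES];
    return parse_ies(body, sizeof body, ies, MAX_IES);   /* PARSE_SSID_TOO_LONG */
}

int main(void)
{
    printf("well-formed: %d IEs\n", demo_well_formed());
    printf("truncated:   %d\n", demo_truncated());
    printf("long SSID:   %d\n", demo_long_ssid());
    return 0;
}
```

The point of the example is the order of operations: the length byte is compared against the remaining frame and against the destination size before any copy happens, and a frame that fails either check is dropped rather than partially processed. A parser that copies first and checks afterwards, or trusts the peer's length field because the frame "came from our router", is exactly the pattern a spoofed, unauthenticated management frame can abuse.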
The U.S. Government issued a warning to SCADA systems providers in October 2016 detailing the issues unique to new malware that writes itself to vulnerable storage chips on the computer motherboard, rather than simply writing to the file system on the hard drive. Remember the days of having to load your printer or modem driver off a disk or CD? With plug and play, peripheral makers began putting that software on flash chips that exist inside your mouse or other USB devices. Those flash storage areas on peripherals can be updated by a root supervisory user (or by a malicious attacker who triggers a known buffer overflow condition on a vulnerable component of a computing device). Because of weak implementation of the encryption algorithms meant to protect and secure the hardware/peripheral update process, malware can be injected into the various connected devices, even components on your motherboard such as the BIOS, or the flash chip on your network card. Most people today remain ignorant of how all of this is happening, but the word is slowly getting out.
Unfortunately, I don't think the BroadPwn WiFi vulnerability is unique to Broadcom WiFi chips, since the attack exploits issues specific to the 802.11 wireless networking protocol. Other chips may be vulnerable to similar attacks, since impersonation and crafting of forged packets by an attacker can be easily accomplished as part of the association process. More on that at https://leeneubecker.com/turn-off-wifi-now-to-protect-your-networks-from-attack/
BroadPwn isn't malware; it is a vulnerable attack highway that exists whenever WiFi chips are turned on. The payload delivered once this non-secure connection is exploited to trigger a memory buffer overflow condition can be anything from ransomware such as WannaCry to hardware-based rootkits that sit and silently exfiltrate data from the compromised system.
Some steps that you can take to protect yourself include:
- Be sure you have applied the July and August 2017 patches to your smartphones and other WiFi-enabled devices
- Minimize your attack surface: turn off WiFi on your devices when traveling or when WiFi is not required
- Use old-fashioned Ethernet cabling for sensitive environments
- Check your router to see if it uses a Broadcom B43xx* chipset and if it does, make sure you are running firmware dated on or after July of 2017
- Consider having an outside security audit performed on your router and a sampling of computer devices on your network.