Chip vulnerability could crash your outdated phone via Wi-Fi

If your phone doesn't have the latest update, leaving your Wi-Fi open might let hackers take over your device.

Alfred Ng Senior Reporter / CNET News
Alfred Ng was a senior reporter for CNET News. He was raised in Brooklyn and previously worked on the New York Daily News's social media and breaking news teams.
Alfred Ng
3 min read

Until Apple and Android's update in July, Broadpwn affected the latest iPhones and Android devices.

Jason Cipriani/CNET

Your Wi-Fi is a window to all of the internet's riches, like videos of funny cats, that email your second cousin thinks is hilarious and pictures of food you haven't eaten.

But for hackers, it's an opening to crash your phone. Nitay Artenstein, a researcher at Exodus Intelligence, found a vulnerability in Broadcom's widely used Wi-Fi chipsets, and on Thursday he presented his research at the Black Hat security conference in Las Vegas.

The vulnerability could let hackers take over your phones remotely through Wi-Fi -- and crash it. The hacker would just need to be in your phone's Wi-Fi range to send the attack through the airwaves. You wouldn't even need to be connected to Wi-Fi to get hit, just as long as your Wi-Fi is on, Artenstein said.

"The user doesn't need to actively connect or be connected to a specific network," Artenstein said during his presentation at Black Hat.

While patches for the flaw have reached many phones, a lot more out there -- especially older ones -- remain vulnerable.

Add it to the list of all the security issues you have to deal with on a growing list of gear, from phones and laptops to cars and the internet-connected cameras monitoring your house. Wi-Fi has become a popular attack vector as hackers look to break into devices through any opening you give them. Even if a phone's operating system is heavily secured, third-party hardware can leave security flaws for attackers to exploit, putting scrutiny on every aspect of the phone, not just the software.

The vulnerabilities lie in Broadcom's BCM43 series, including the BCM4354, BCM4358 and BCM4359 Wi-Fi chipsets.

Broadcom did not respond to a request for comments.

Its Wi-Fi chipsets are extremely popular, with millions of Android and iOS devices using the technology to get online. Companies like Google , Samsung, HTC and LG all have hardware that rely on Broadcom's chips.

"If you can find one bug, you can use it in many different places," Artenstein said.

After Artenstein reached out to Google about the vulnerability, known as Broadpwn, the company released an update for Android on July 5 to patch Broadcom's security flaws. Google called Broadpwn a "critical" security issue, pointing out that the "most severe vulnerability" allowed dangerous attacks.

The Broadpwn bug was patched in Apple's update on July 19.

Broadcom's security issues have affected iOS and Android owners in the past, after a security flaw revealed in April allowed attackers to run code on its Wi-Fi chip. It affected Apple devices from the iPhone 5 to the iPhone 7 , which also uses Broadcom's chips.

While Broadcom's chipsets are popular across devices, they're not in every phone, and the flaw has been patched for the majority of affected phones. If you're really concerned about the attack, you can simply turn off your phone's Wi-Fi.

Update, 10:15 a.m. PT: To add details from Nitay Artenstein's presentation.

Intolerance on the Internet: Online abuse is as old as the internet and it's only getting worse. It exacts a very real toll.

CNET Magazine: Check out a sample of the stories in CNET's newsstand edition.