[Battlemesh] Exploit code on the wifi chip

Ben West ben at gowasabi.net
Fri Apr 7 22:14:16 CEST 2017


The ars tech story refers to this story by Google.
https://googleprojectzero.blogspot.com/2017/04/over-air-exploiting-broadcoms-wi-fi_4.html

They basically did a detailed security audit of the stack using materials
Broadcom/Cypress supplied, namely datasheets and softmac driver code.
Cynical speculation I read elsewhere is that Broadcom/Cypress' possible
response would be to make the materials secret, i.e. only available with
NDA.


On Fri, Apr 7, 2017 at 3:03 PM, txt.file <txt.file at txtfile.eu> wrote:

> So we can reverse engineer the firmware now? Does this mean that we now
> have a softmac instead of a hardmac? ;-)
>
> Benjamin Henrion:
> > This Broadcom exploit made my day, the attacker can run code on the wifi chip:
> >
> > https://arstechnica.com/security/2017/04/wide-range-of-android-phones-vulnerable-to-device-hijacks-over-wi-fi/
> >
> > Love Broadcom closed source firmwares.
> >
> > --
> > Benjamin Henrion <bhenrion at ffii.org>
> > FFII Brussels - +32-484-566109 - +32-2-3500762
> > "In July 2005, after several failed attempts to legalise software
> > patents in Europe, the patent establishment changed its strategy.
> > Instead of explicitly seeking to sanction the patentability of
> > software, they are now seeking to create a central European patent
> > court, which would establish and enforce patentability rules in their
> > favor, without any possibility of correction by competing courts or
> > democratically elected legislators."
> > _______________________________________________
> > Battlemesh mailing list
> > Battlemesh at ml.ninux.org
> > http://ml.ninux.org/mailman/listinfo/battlemesh
> >
>
>


-- 
Ben West
ben at gowasabi.net