Researchers at security vendor Core Security have a vulnerability in the firmware of wireless chips discovered that allows DoS attacks. The products manufactured by Broadcom chips come in various smartphones, tablets, laptops and even cars are used.
The error is in the Broadcom BCM4325 and BCM4329 chips.According to the researchers checked the firmware is not what entries it receives. They may try to information outside the normal data area, they could access the reading – what is referred to as out-of-bounds read error. In its security advisory, Core Security has indicated that a user is denied due to the failure to access the wireless LAN interface. Confidential information might be disclosed.
Core Security has Broadcom informed about the vulnerability before it’s gone with its results to the public. Moreover, it had notified the U.S. Computer Emergency Response Team (US-CERT) and the affected equipment manufacturers. These include Apple, HTC, Motorola, Nokia, Samsung, Asus, LG Electronics and Ford
Broadcom has confirmed the vulnerability in the meantime. However, only those two chips are concerned. The error is also leave exploit only with very extensive technical knowledge and lead to failure during an attack only the WLAN connection. Other functions of a smartphone or tablet would not be affected. “The DoS problem in no way compromised the security of user data,” said the chipmaker.
The Advisory Core Security has published written in Python sample code for an exploit that can be downloaded to any, to verify the existence of the vulnerability. However, hackers could exploit the code for their own purposes.
Broadcom has been updated packages are intended to eliminate the vulnerability. Most smartphone and tablet users can not do anything with it, however, because they require an official update of the device manufacturer. According to Core Security, the two susceptible chips including in Apple’s iPhone 4, iPhone 3GS, iPad, iPad 2, built into Samsung’s Nexus S and Galaxy Tab, as well as Nokia’s Lumia 800th