Remotely Compromising Android and iOS via a Bug in Broadcom's Wi-Fi Chipsets

by Nitay Artenstein
Sept. 14, 2017 | Pen Testing & Audits | android, ios

In this talk, we'll take a deep dive into the internals of the BCM4354, 4358 and 4359 Wi-Fi chipsets, and explore the workings of the mysterious, closed-source HNDRTE operating system. Then, we'll plunge into the confusing universe of 802.11 standards in a quest to find promising attack surfaces. Finally, we'll tell the story of how we found the bug and exploited it to achieve full code execution - and how we went on to leverage our control of the Wi-Fi chip in order to run code in the main application processor.

Steven Ulm 6 months ago

I am really curious what Broadcom said or would say about this matter in an official statement... :)