The Broadpwn Flaw Gives Remote Control Access Over Mobile Phones

The Exodus Intelligence researcher Nitay Artenstein recently discovered a vulnerability in Broadcom’s Wi-Fi chipsets that makes it possible to infect mobile devices with self-propagating malware. Dubbed Broadpwn, the flaw can be exploited for mass attacks that don’t require any user cooperation.

Artenstein found the bug in the Broadcom BCM43xx Wi-Fi chips.
“They are the dominant choice for high-end smartphones, used in the likes of Samsung’s Galaxy S8, the Nexus 5 and 6 models made for Google, and all Apple iPhones after the iPhone 5,” he explains.

The researcher also noted that the firmware for the Broadcom chip is not encrypted and lacks integrity checks, which makes reverse engineering and patching the code a much easier task.

Artenstein was also able to write a proof of concept by exploiting a bug in Broadcom’s implementation of the wireless multimedia (WMM) quality-of-service extension and of the probe requests in the 802.11 Wi-Fi association process, proving that attacker code can be silently implanted on vulnerable devices without any user intervention.

The attack against the Broadcom BCM43xx chipsets sidesteps mitigations like code execution prevention and address space layout randomization, which means that it can be used to write self-propagating malware. Because of such mitigations, the worms that spread massively in the early 2000s declined, and the most recent self-propagating malware was the Conficker worm back in 2009.

Artenstein created a network worm through Broadpwn, tested it in public and proved that there are many vulnerable mobile devices.

“Running an Alfa wireless adapter on monitor mode for about an hour in a crowded urban area, we’ve sniffed hundreds of SSID names in probe request packets,” Artenstein wrote. “Of these, approximately 70 percent were using a Broadcom Wi-Fi chip. Even assuming moderate infection rates, the impact of a Broadpwn worm running for several days is potentially huge.”

After hearing about this, both Google and Apple issued patches for the Broadpwn vulnerability this month.

Simona Atanasova
Simona graduated from the First Language School in Varna, Bulgaria, with a main focus on English philology. In 2016 she received her Bachelor’s Degree in International Economic Relations from the University of Economics – Varna. Simona has been taking journalism classes at Sofia University “St. Kliment Ohridski” for a year and currently presents all cyber-security and cyber-threat related news at www.virusguides.com.
