
AsusWRT Broadcom Wifi Chipset vulnerable to Remote hijack attacks?


dugaduga

Senior Member
iOS & Android devices use Broadcom Wifi chipsets; Israeli hackers pioneered a means of hijacking the chipset remotely. AsusWRT also uses Broadcom. I'm curious if these attacks could be as easily done to an AsusWRT. This gives hackers hardware-level access. Apparently separating the Wifi from the SoC is one of the few ways to help mitigate such an attack, other than chips protected with ASLR/DEP.

@RMerlin, see this black hat demonstration, starts at ~6:00

Given the scope of this, and the fact they can spread this worm from iPhone to iPhone automatically, it makes me curious if it is possible that such an attack could occur, jumping from wifi router to wifi router... or from an infected mobile Android/iOS device to an AsusWRT Broadcom wifi router.
 
Do these attacks target clients, or AP? Because they are two very different things. That was the case for instance with KRACK which targeted specifically clients, not APs.
 
Old news - fixed back in late 2017 for most wireless NICs...

Risk these days is older clients/APs that haven't been updated, and even then, it needs a very focused and purpose-driven approach to make it useful...
 
Do these attacks target clients, or AP? Because they are two very different things. That was the case for instance with KRACK which targeted specifically clients, not APs.

Thanks @RMerlin. I believe in this particular instance, it is a chipset-level client attack. Clients must connect to a malicious device... though I wouldn't be surprised if the same can be done to an AP so long as there is no ASLR/DEP built into the chipset. Could you elaborate on the difference?
 
Old news - fixed back in late 2017 for most wireless NICs...

Risk these days is older clients/APs that haven't been updated, and even then, it needs a very focused and purpose-driven approach to make it useful...

How can they have updated the chipset itself, you mean they updated the hardware itself? This means everything before late 2017 is still vulnerable.
 
How can they have updated the chipset itself, you mean they updated the hardware itself? This means everything before late 2017 is still vulnerable.

The firmware in the chip is upgradable - the brcmfmac firmware was patched back in Oct 2017... brcmsmac was right about the same time for the Broadpwn vuln.

Most if not all devices have pulled in the patches needed...

This is almost a year old thing - like I said earlier - old news...
 
Oh, it's the old Broadpwn exploit. As sfx says, this is very old news by now. Everything indicated that clients were targeted, not APs, so your phone is what needed an update (which has been provided over a year ago now), not your routers.
 
WOW, thank you @sfx2000, you are in the know. And RMerlin! Well given the nature of corporate espionage and the like, I'm sure people are always looking for a way to exploit the AP via the chipset as well. Glad to hear this was patched. Exploits are always coming and going, hopefully they will implement ASLR/DEP over the long haul as a preventative measure for any possible 0-day intrusion.
 
