Security issue with the BCM43438 firmware?

[goobering]

I just finished reading this (very long, very dense, very boring) writeup relating to a few security problems with Broadcom's firmware on an unspecified number of its WiFi SoCs:

https://googleprojectzero.blogspot.co.u ... -fi_4.html

While I'm no security researcher, the chipper signoff:

'In the next blog post, we’ll see how we can use our assumed control of the Wi-Fi SoC in order to further escalate our privileges into the application processor, taking over the host’s operating system!'

...sounds like the kind of thing that's probably undesirable. Google and Apple have both released security updates to address the problem in phone handsets with affected Broadcom chipsets.

The article namedrops the BCM4339 and BCM4358, and the associated bug reports (https://bugs.chromium.org/p/project-zer ... il?id=1047) mysteriously end with '...I believe this vulnerability's scope includes a wider range of Broadcom SoCs and versions'. I'm not sure whether the BCM43438 is affected or not, but it would be interesting to know one way or another.

[edge0f17]

The published attack only works from another device that is already connected to your network, but the RPi is at risk and the firmware should be updated.

[goobering]

I raised it as an issue on the RPi Github here: https://github.com/raspberrypi/firmware ... -291857845. Sounds like nobody knows if it's a problem yet.

[beta-tester]

i love those descriptions that analyse, how things works and how they can be bended/tweaked/used to force the system to do other things...
thank you for pointing to that blog article.

[jamesh]

We started looking at this the moment the issue was posted here. Nothing yet to report.

[goobering]

Thanks for that james, I look forward to reading up on the outcome. Looks like hard sums to me, good luck with it!

[jamesh]

Thanks for that james, I look forward to reading up on the outcome. Looks like hard sums to me, good luck with it!

More down to Brcm really, they provide all the HW and the drivers for it.

[nicolap8]

Hey, two month and nothing new!
So the Raspberry PIs are UNSECURE.
Thanks......

[runboy93]

Not affecting BCM43143?

Have you been in any contact with Broadcom?

[nicolap8]

Not affecting BCM43143?

I haven't found an official list of affected RPis. (Why?)
So I assume that all with a Broadcom WIFI chip ARE affected!

[jamesh]

Hey, two month and nothing new!
So the Raspberry PIs are UNSECURE.
Thanks......

Not sure what you expect us to do about it, we don't have the source code for the firmware, that is at Broadcom, so they are the ONLY people who can fix it.

They know about the issue.

Meanwhile, this, as an exploit, is very difficult to take advantage of, but if you feel the Pi is insecure, either don't use it or keep it off the network.

[nicolap8]

Hey, two month and nothing new!
So the Raspberry PIs are UNSECURE.
Thanks......

Not sure what you expect us to do about it, we don't have the source code for the firmware, that is at Broadcom, so they are the ONLY people who can fix it.

They know about the issue.

It's your duty to ask they solve the bug. Simple!

Meanwhile, this, as an exploit, is very difficult to take advantage of, but if you feel the Pi is insecure, either don't use it or keep it off the network.

Of course, we already stopped to buy RPis...

[jamesh]

Hey, two month and nothing new!
So the Raspberry PIs are UNSECURE.
Thanks......

Not sure what you expect us to do about it, we don't have the source code for the firmware, that is at Broadcom, so they are the ONLY people who can fix it.

They know about the issue.

It's your duty to ask they solve the bug. Simple!

Meanwhile, this, as an exploit, is very difficult to take advantage of, but if you feel the Pi is insecure, either don't use it or keep it off the network.

Of course, we already stopped to buy RPis...

I believe we have already reported it (of course, they would already have known about it).

I hope you have also stopped buying all other devices that use the same chip range (Mobiles, tablets, USB ethernet adapters, laptops, TV's etc) just to be on the safe side.

EDIT: You can turn the Wifi chip off and use an adaptor if you really need Wifi.