Broadpwn: Remotely Compromising Android and iOS via a Bug in Broadcom's Wi-Fi Chipsets

sent4dc not only was it way better to watch that way, but I had no idea until now that you could increase playback speed in the UA-cam app! Thanks!!

SHIT MAN YES ITS SO SLOW

The worst thing cannot see on 1.25

now he rapping hahaha

thanks much appreciated

666666666

Joan Montserrat so slow that I’m already bored from watching it. How many times can someone repeat what they’re saying in a different way before you’re tired of hearing them? Less than 10 minutes in and I’m already over it.

Colton B ummmm aarrrrrrmmmm ummmmmmmm ummmmmmm jesus

I just watch it with a 2x playback speed.

I keep my speed at least at 1.25, often at 1.5. Time is the most valuable commodity in the world.

Could have been half the length if he had a full presentation ready, instead of long periods of silence and “um” being used almost every other phrase. He spent more time on his slides than figuring out what to say with the slides. Very disappointed with this speaker, and I hope that Black Hat refuses any of his future talks unless he is actually prepared.

lol

Security by obscurity doesn't work.

Well you could argue if they stopped the source code from being leaked then this exploit wouldn't have been discovered

It wouldn't been discovered YET

Yuri Geinish - is joke

It's not apparent to you that access in this memory could allow for code to be executed within the OS of the phone correct?

Didn't really delve more into it than what is already presented here, but as far as my understanding goes, the code you get to run here runs on a dedicated ARM unit, in dedicated memory, belonging exclusively to the WiFi chipset. That is, you'll need at least one other vulnerability concerning the interface between this chipset and the OS in order to get the main CPU running the system to execute your payload in the context of the OS.
It's a really interesting possibility, but apparently it is just as far from compromising Android/iOS as is an SQL injection from hijacking the whole system the website is hosted on. Nevertheless it opens up some new perspectives...

Steve Lawrence 45:35 for anyone who doesnt want to reload

Truth Seeker I was wondering this as well.

Probalby 24 bytes are not enough and you need to at least dupicate potential system calls to cover both iOS and Android. Rule2: No assumptions of the system.

i can definitely see a firmware attack used out of this if its even possible... like the hdd firmware patching modules that were unfinished in stuxnet back when it was running around with 0-days
and who knows what is in intel amt/me or amd psp/secure processor to flash.. the intel amt memory region on motherboard is the same as smm code
the ultimate persistence would be hardware or firmware..

maybe. if you inject code in ram and call flashing facilities

Sure. If you can find
something important you can overwrite, a flash or a serial eeprom maybe. It probably won't work without a proper config. That said, why would you? There's nothing to be gained from this, all it means is they will ditch the phone they're using and get a new one. Maybe one where this doesn't work.

@ChillSakura yaa 😂😂he need the link?? how

Probably. A lot of these exploits that are released at Blackhat after the time of reasonable disclosure has past, which gives plenty of time for developers to patch the exploits. If you're dragging your heels on patching the exploit, that's their problem, not his.

No

ty