IE 11 is not supported. For an optimal experience visit our site on another browser.

Black Hat 2017: A Wi-Fi Hopping Worm Targeting Smartphones

Called Broadpwn, the vulnerability was shared during a presentation at Black Hat, the annual security conference in Las Vegas.
Image: Used cellphones
A display of old mobile phones is seen inside an O2 Mobile Phone Store, part of Telefonica SA, on Grafton Street in Dublin, Ireland, on Wednesday, June 12, 2013. Bloomberg / Bloomberg via Getty Images

LAS VEGAS - If you haven't updated your smartphone with the latest operating system or security fix, you're probably going to want to do it now.

Broadpwn, a vulnerability in a Wi-Fi chip found in more than a billion phones, could allow a hacker within Wi-Fi range to take over your smartphone, according to research presented on Thursday at the Black Hat security conference in Las Vegas.

Image: Cellphone Security
People use their phones in the relaxation area of the Mobile World Congress in Barcelona, 2014.Lluis Gene / AFP/Getty Images file

Not only that, but the hacker could then use your infected smartphone as an access point to attack other phones in the area, acting as a Wi-Fi worm. The scariest part: You don't have to do anything to get infected and the hacker can take over your system without it crashing - or you noticing.

Related: Las Vegas Is More Hackable Than Ever — But It May Be a Good Thing

Almost the entire range of flagship Samsung phones, various iPhones, and devices made by HTC, LG, and Nexus have the Broadcom BCM43xx family of Wi-Fi chips, which were found to have a vulnerability.

Smartphone hacking is heavily focused on operating systems, but researcher Nitay Artenstein, who spent a year reverse engineering the Wi-Fi chips and pouring through code, said in his research that this shows how important it is to test peripheral components.

"Old school hackers often miss the 'good old days' of the early 2000s, when remotely exploitable bugs were abundant, no mitigations were in place to stop them, and worms and malware ran rampant," he wrote in a blog post. "But with new research opening previously unknown attack surface such as the BCM WiFi chip, those times may just be making a comeback."

But of course, there's good news. The vulnerabilities have been patched. If you're an iPhone user and haven't updated your operating system to iOS 10.3.3 or an Android user who hasn't completed the July security update, you'll want to that right away.