Pre-Release Fix to Broadcom “BroadPwn” Chip on Raspberry Pi Computers Now Available
Broadcom WiFi chips in the BCM43xx family have been used widely in iPhones, Android phones, WiFi access point routers and even Raspberry Pi computers. Last month, Apple and Google released patches to fix the vulnerability on the Broadcom chip, which can allow a remote attacker to take control of your computing device if your WiFi is turned on and the attacker is within WiFi reach of your device. The blog forum on the Raspberry Pi was relatively silent at first on the topic of whether the Raspberry Pi was also vulnerable.
A post yesterday confirmed that new firmware provided by Cypress (the company that now owns Broadcom) effectively patches the CVE-2017-9417 “Broadpwn” issue and the CVE-2017-0572 memory corruption problem, which allow an attacker within WiFi range to permanently take over a vulnerable device.
What is most concerning about the Raspberry Pi is that it has been used extensively across many industries, including governments, smart cities, military, industrial controls, manufacturing, distribution, banking, medical, the energy sector, transportation and even water filtration processing. Over the next month, before these patches get deployed, the whole world is at a much greater risk of a cyber attack on our infrastructure and businesses.
Given how easily a compromise can propagate using what is known as a WiFi-based worm, as demonstrated by security hackers at Defcon last month in Las Vegas, the likelihood is that our national infrastructure has been compromised en masse. Fortunately, there is now a fix that can prevent such attacks. See the original blog post at https://github.com/raspberrypi/linux/issues/1342#issuecomment-321221748 for more details.
Unfortunately, the Raspberry Pi Foundation, which writes the firmware for the Raspberry Pi computing platform, has yet to issue its official release on its website, but I suspect this should be forthcoming in the next day or two given the severity of the problem; they demonstrated that the new Broadcom firmware appears to have eliminated the “BroadPwn” vulnerability. The pre-release file is available at https://drive.google.com/file/d/0B_P-i4u-SLBXUnAwLU9RSm9EMGc/view (no warranties by me on this!). I would probably wait for the official release on https://www.raspberrypi.org/downloads/noobs/, which should be out very soon.