Broadpwn Revisited

We’ve previously covered the Broadpwn hack, and today we’ll be revisiting it. As previously discussed, the Broadpwn hack takes advantage of a vulnerability in the hardware used by Android devices. The manufacturer has been lax in keeping their software up to date, so even though Google has current security definitions, their hardware doesn’t. This creates a vulnerability, one that is relatively common but hard to patch. The hardware developer has to come up with the definitions and encode them in a way that doesn’t interfere with the hardware or the OS it’s part of. This sort of software development is beyond the ken of some hardware manufacturers, or it may be outsourced entirely.

Most people never consider that their device could be physically hacked, and in most cases they can’t. The idea of a program that remotely takes over the infected device without any interaction with its user is a common piece of Hollywood fiction. Except, programs like that do exist. They’re rare, and usually patched as soon as they crop up. What makes Broadpwn so dangerous is that it’s one of those rare attacks that can take your device without you doing anything. Once it’s in, it can take over your device and start spreading the infection. Your device can be remotely controlled by the attacker, who will have total access to your files and systems. This means that they can install any other programs they want to, like a keystroke logger. They could also use their access to your device to infiltrate your entire WiFi network, including your router. This means that any attempt to clean out your system will require more than just purging your device. Any connected network may host it now, and your own home network is more than likely compromised. You may have to go so far as to buy a new router if you can’t be sure that you’ve cleaned every last bit of Broadpwn out.

Broadpwn works by attacking the infrastructure of your phone, rather than attempting a more traditional method. Most hack attempts focus on breaking into the core processors and code of the device, like attacking a castle. The encryption and security requirements make a wall that the attacker has to overcome or break through before they can do anything. Much like a castle, even penetrating the walls doesn’t grant access to the entire thing. Processors may be quarantined from other systems to prevent a complete takeover from occurring, and as systems are lost the user becomes aware of the attacker. Therefore any hack has to be very stealthy or very quick, allowing no time for the user to respond to the attack.

Broadpwn is different: it doesn’t go over the walls of your phone. It doesn’t even go near them; instead it sits out in a field controlling what flows into your castle. Broadpwn takes control of the undefended systems that control what data is allowed in and out of your phone, and those processors have unrestricted access to the rest of your device. Broadpwn can go anywhere it wants, slipping into all other systems from that one weak point. While this is obviously a massive vulnerability, attacks like Broadpwn happen so rarely that hardware developers are mostly complacent. It’s expensive to keep security definitions up to date, and if attacks almost never occur, is it really worth it to spend that money?