A security researcher on Monday discovered that spy malware Broadpwn has been lurking in iOS and macOS devices. Broadpwn, as described, can execute arbitrary code on a device's Wi-Fi chipset to manipulate it. Before even hitting Apple's devices, the vulnerability first made a series of attacks to millions of Android devices recently.
Google has released Android's July security update that includes at least 138 fixes—18 of which are classified as Remote Code Execution (RCE), which means a person has the ability to control the infected device if the exact conditions are met. One of the 18 fixes was intended for Broadpwn.
To determine whether the Android device has Broadpwn lurking within it, an app named WiFi Chipset INFO is available for free download from the Google Play Store. Once the app is installed and ran, it checks the Wi-Fi chipset of the device and determines its manufacturer. The important part comes when the app pins down whether a device is in danger of Broadpwn or not.
If the device is constantly updated by the manufacturer in a timely manner, the risk of being affected by the spying malware ranges between little to no chance. However, in the most unfortunate situation that the device is already sick, be aware that the people behind the malware have full control of the device.
Broadpwn opens a gateway for malicious data to travel to a device through a Wi-Fi network. Once the vulnerability secures itself in the device, attackers will have access to the device's data and contents and mine them, even the Android system itself.
Devices that are prone to the vulnerability are those with Wi-Fi chips made by Broadcom. Some of the manufacturers using their product include Samsung for the Galaxy phones and Google for the Pixel phones.
