sockscap
Posts: 5
Joined: Thu Jan 14, 2016 6:57 am

Is Pi3 vulnerable to broadpwn wifi security flaw?

Sun Aug 06, 2017 12:33 am

It's reported that the issue exists in Broadcom’s BCM43xx family of WiFi chipsets. While Pi3 uses BCM43438, is it also affected?

rpdom
Posts: 14685
Joined: Sun May 06, 2012 5:17 am
Location: Chelmsford, Essex, UK

Re: Is Pi3 vulnerable to broadpwn wifi security flaw?

Sun Aug 06, 2017 5:53 am

Already been discussed a few times. The answer is "yes" and "Broadcom are working on a fix".

viewtopic.php?t=189740#p1193116

viewtopic.php?t=179728

sockscap
Posts: 5
Joined: Thu Jan 14, 2016 6:57 am

Re: Is Pi3 vulnerable to broadpwn wifi security flaw?

Sun Aug 06, 2017 9:00 am

Thanks! Will keep an eye on the progress and hope a fix can be released soon.

PhilE
Raspberry Pi Engineer & Forum Moderator
Posts: 2279
Joined: Mon Sep 29, 2014 1:07 pm
Location: Cambridge

Re: Is Pi3 vulnerable to broadpwn wifi security flaw?

Wed Aug 09, 2017 11:00 am

Cypress (was Broadcom) have released an updated firmware that fixes BroadPWN (CVE-2017-9417) and a few other issues. Details and instructions on how to download and test it can be found here.

Provided testing doesn't uncover any new issues we'll be making a formal release very soon.

runboy93
Posts: 352
Joined: Tue Feb 28, 2017 1:17 pm
Location: Finland
Contact: Website

Re: Is Pi3 vulnerable to broadpwn wifi security flaw?

Mon Aug 14, 2017 5:34 am

Does this also apply to BCM43143?

elkberry
Posts: 167
Joined: Wed Dec 28, 2016 9:21 pm

Re: Is Pi3 vulnerable to broadpwn wifi security flaw?

Mon Aug 14, 2017 6:23 am

It applies to all Raspberry Pis with integrated WiFi/WLAN, as can be read at the link given to the Raspbian issue on GitHub.
From ZX81 to Raspberry Pi, but wait ... where's the 7805 gone?

jamesh
Raspberry Pi Engineer & Forum Moderator
Posts: 23059
Joined: Sat Jul 30, 2011 7:41 pm

Re: Is Pi3 vulnerable to broadpwn wifi security flaw?

Mon Aug 14, 2017 7:48 am

runboy93 wrote:
Mon Aug 14, 2017 5:34 am
Does this also apply to BCM43143?
Odd question. This firmware is for the WiFi equipped models. What were you expecting it to be for?
Principal Software Engineer at Raspberry Pi (Trading) Ltd.
Contrary to popular belief, humorous signatures are allowed. Here's an example...
"My grief counsellor just died, luckily, he was so good, I didn't care."

bensimmo
Posts: 4121
Joined: Sun Dec 28, 2014 3:02 pm
Location: East Yorkshire

Re: Is Pi3 vulnerable to broadpwn wifi security flaw?

Mon Aug 14, 2017 8:06 am

jamesh wrote:
Mon Aug 14, 2017 7:48 am
runboy93 wrote:
Mon Aug 14, 2017 5:34 am
Does this also apply to BCM43143?
Odd question. This firmware is for the WiFi equipped models. What were you expecting it to be for?
<Cough> that's "your" official WiFi dongle ;-)

jamesh
Raspberry Pi Engineer & Forum Moderator
Posts: 23059
Joined: Sat Jul 30, 2011 7:41 pm

Re: Is Pi3 vulnerable to broadpwn wifi security flaw?

Mon Aug 14, 2017 2:50 pm

Ah, I see.

As far as I know, this is for boards with onboard WiFi only. I'll have to check re the dongle. Won't be for a week or two, on holiday.

Paul Webster
Posts: 797
Joined: Sat Jul 30, 2011 4:49 am
Location: London, UK
Contact: Twitter

Re: Is Pi3 vulnerable to broadpwn wifi security flaw?

Mon Aug 14, 2017 4:59 pm

The attack is based on a buffer overflow in the firmware for the device.
The Black Hat posting gives an example of a/the memcopy call that was subject to the overflow that could be exploited.
I think that someone from RPF, while jamesh is away, should be getting this checked.

jamesh
Raspberry Pi Engineer & Forum Moderator
Posts: 23059
Joined: Sat Jul 30, 2011 7:41 pm

Re: Is Pi3 vulnerable to broadpwn wifi security flaw?

Mon Aug 21, 2017 4:45 pm

With regard to new firmware for the Pi wireless dongle: we have just heard from Cypress that the chip/firmware in the dongle does not suffer from the BroadPWN attack vulnerability, so new firmware is not necessary.

Paul Webster
Posts: 797
Joined: Sat Jul 30, 2011 4:49 am
Location: London, UK
Contact: Twitter

Re: Is Pi3 vulnerable to broadpwn wifi security flaw?

Mon Aug 21, 2017 4:59 pm

Thanks for the update, James.
