• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer
  • Jobs
  • Career
    • Cyber Security Training
    • Work from Home
    • Cyber Security Analyst
    • Remote Work – Six Ways to Keep Your Data Safe When Working Remotely
  • Field Guide
  • Newsletter Signup
  • Deals
  • News
AskCyberSecurity.com

AskCyberSecurity.com

Cyber Security News & Information

  • Home
  • Data Privacy
    • Gamers
    • Government Cyber Security
      • Legislation
      • Standards
        • What are the risks of computer security?
        • Medical Cyber Security
    • Social Media
  • Security
    • Data Breaches
    • Scams
    • Malware
  • Software
    • Apps
    • Web Browsers
  • Glossary
    • Cyber Security Acronyms
  • About Ask Cyber Security
    • Authors
    • Contact Us
  • VPN
    • How Do I Know If My VPN is Working?
    • Best Free VPN iPhone
    • Why Use a VPN?
    • NordVPN vs IPVanish
    • Private Internet Access Download
    • Best VPN for Streaming
      • TikTok VPN
    • VPN Porn
    • Computer Security Software – What You Really Need
  • Tutorials
  • ChatGPT
    • Does ChatGPT Save Data?
AskCyber Home » News » Data Breach » Broadpwn Revisited

Broadpwn Revisited

2017-08-09 by Max

We’ve previously covered the Broadpwn exploit, and today we’ll be revisiting it. As previously discussed, the Broadpwn hack takes advantage of a vulnerability in the hardware used by Android devices. The manufacturer has been lax in keeping their software up to date, so even though Google has current security definitions their hardware doesn’t. This creates a vulnerability, one that is relatively common but hard to patch. The hardware developer has to come up with the definitions, encode them in a way that doesn’t interfere with the hardware or the OS it’s part of. This sort of software development is beyond the ken some hardware manufacturers, or it may be outsourced entirely.

Most people never consider that their device could be physically hacked, and in most cases they can’t. The idea of a program that remotely takes over the infected device without any interaction with its user is a common piece of Hollywood fiction. Except, programs like that do exist. They’re rare, and usually patched as soon as they crop up. What makes Broadpwn so dangerous is that it’s one of those rare attacks that can take your device without you doing anything. Once it’s in, it can take over your device and start spreading the infection. Your device can be remotely controlled by the attacker, who will have total access to your files and systems. This means that they can install any other programs they want to, like a keystroke logger. They could also use their access to your device to infiltrate your entire WiFi network, including your router. This means that any attempt to clean our your system will require more then just purging your device. Any connected network may host it now, and your own home network is more then likely compromised. You may have to go so far as to buy a new router if you can’t be sure that you’ve cleaned every last bit of Broadpwn out.

Broadpwn exploit works by attacking the infrastructure of your phone, rather then attempting a more traditional method. Most hack attempts focus on breaking into the core processors and code of the device, like attacking a castle. The encryption and security requirements make a wall that the attack has to overcome or break through before they can do anything. Much like a castle, even penetrating the walls doesn’t grant access to the entire thing. Processors may be quarantined from other systems to prevent a complete takeover from occurring, and as systems are lost the user becomes aware of the attacker. Therefore any hack has to be very stealthy or very quick, allowing no time for the user to respond to the attack.

Broadpwn is different, it doesn’t go over the walls of your phone. It doesn’t even near them, instead, it’s sitting out in a field controlling what flows into your castle. Broadpwn takes control of the undefended systems that control what data is allowed in and out of your phone, and those processors have unrestricted access to the rest of your device. Broadpwn can go anywhere it wants, slipping into all other systems from that one weak point. While this is obviously a massive vulnerability, attacks like Broadpwn happen so rarely that hardware developers are mostly complacent. It’s expensive to keep security definitions up to date, and if attacks almost never occur is it really worth it to spend that money?

Filed Under: Data Breach

About Max

Max is a Data Privacy Coordinator at a major global law firm and a science fiction author residing in the Philadelphia area. He has been writing for https://www.askcybersecurity.com since early 2017.


LinkedInTwitterFacebook

Primary Sidebar

Subscribe to Our Free Newsletter

We Don't Share or Sell Your Info

Web Browsers

Where Are My Saved Passwords in Chrome?

Google Removes 70 Malicious Browser Add-ons from Chrome Web Store

Firefox 75 Reports Your Browser Settings to Mozilla

Categories

Cyber Security Field Guide

Computer Security While TravelingGet Our Cyber Security Field Guide - Available on Amazon!

Recent Posts

Security Marketing Manager – Remote

Sr. Associate, Cybersecurity Architect – Pfizer

Strategic Customer Success Manager – Cybersecurity – Opportunity for Working Remotely

Top 20 Passwords Leaked on Dark Web

ISU Cybersecurity Leader Job Opening

Cyber Security News

Top 20 Passwords Leaked on Dark Web

… [Read More...] about Top 20 Passwords Leaked on Dark Web

Apple Warns of Actively Exploited Zero-Day Flaw

… [Read More...] about Apple Warns of Actively Exploited Zero-Day Flaw

IRS Stops Facial Recognition System for Online Access

… [Read More...] about IRS Stops Facial Recognition System for Online Access

National Cybersecurity Alliance Announces Data Privacy Week

… [Read More...] about National Cybersecurity Alliance Announces Data Privacy Week

More Cyber Security News

Tags

amazon Android Apple bitcoin China chrome CISA credit card DarkSide DHS DOJ Equifax Europe Facebook facial recognition FBI Firefox FTC games GDPR Google Government hacker identity theft India iPhone Iran IRS LinkedIn Microsoft North Korea PayPal phishing phishing email ransomware REvil Russia smartphone T-Mobile TikTok tutorial VPN WhatsApp WiFi Windows

Government

CBP Looks to Access Airline Passenger Data

FTC Releases Cyber Threat Video Playlist

Malware Found on US Government Funded Phones

UK NCA Reaches Out to Youth to Deter Cybercrimes

More Posts from this Category

Footer

Menu

  • Home
  • About
  • Authors
  • Newsletter Signup
  • PRIVACY POLICY

Search

Why Use a VPN?

NordVPN vs IPVanish VPN Review

NAVIGATION

  • Data Breaches
  • Data Privacy
  • Gamers
  • Scams
  • Malware

MEMBER NJCCIC

New Jersey Cybersecurity & Communications Integration Cell

STAY CONNECTED

  • Facebook
  • Instagram
  • Pinterest
  • YouTube
  • Twitter
  • RSS

Copyright © 2023 · AskCyberSecurity.com · METRONY, LLC

Go to mobile version