How dangerous could Broadpwn be for smartphones?


A bug found in the chips of iPhone, Samsung Galaxy and Google Nexus devices could be utilised to develop malware that jumps from one device to another.

This is according to security expert Nitay Artenstein, who initially discovered the issue and has warned users to update their operating systems as soon as possible to protect their handset from attacks.

Labelled Broadpwn, the security flaw affects phones by capitalising on a variety of specific flaws in Wi-Fi chips manufactured by Broadcom. This allows hackers to write programs directly on the chip and control it.

“When I started working in this field, we had worms, self-propagating malware which could be run across the network. There were quite a few in the good old days. They died out, together with remote exploits: worms pretty much need them to propagate.

“But Broadpwn is a perfect bug for this kind of thing. A pretty good location to make the first Wi-Fi worm and the first network worm in a few years,” Mr Artenstein explained.

Malware can spread quickly through devices via Wi-Fi networks, making it vital for businesses to properly educate their staff on cyber threats.

How can companies prepare for these viruses?

In order for businesses to protect themselves against cyber attacks, it is key that all staff are properly engaged with in-house security protocol. If the right attitude is not adopted, companies could find themselves vulnerable to a host of threats.

With Bring Your Own Device (BYOD) trends continuing to rise in popularity, it is easy for employee-owned hardware to leave security networks susceptible as many people are not aware of how viruses can transfer between smartphones and tablets.

To make sure your company is not leaving itself at risk, it is important that all tools being used on networks are properly scanned for viruses and other threats. Employees should also be made aware of any common viruses in circulation and advised on how to avoid them.

By putting a strict BYOD policy in place, staff will be educated in cyber crime and understand exactly what to look out for.

To do this, a number of key rules must be set. These could include not allowing any apps not verified by Apple and Google’s own stores, which will help to ensure that malware does not enter the network.

All devices should also have strong password-protection in order to reduce the threat of cyber attacks, and any tablets or smartphones no longer supported by their operating system should not be allowed.