1. 6
  1.  

  2. 1

    This seems like another case where proprietary firmware causes problems. If the code was open for researchers to audit, this would’ve been caught much sooner. Security through obscurity doesn’t work. Edit: I can’t put my finger on it but there also seems to be something kinda problematic about the disclosure timeline here? Admittedly I’m far less familiar with the norms outside of the Linux world, but it seems like Google and the researcher should’ve coordinated patch timelines with Apple. (Presumably details aren’t officially public because it’s so recent, otherwise that’d be a problem too.)

    1. 5

      Keep in mind we are now entering the pre blackhat hype cycle. Every talk must be accompanied by a sneak preview announcement that reveals no details other that we are all doomed, doomed, doomed.

      Common phrases in such articles include “nobody knows how many devices are affected, but it could be every computer ever made” and the like. Later, after the talk when the details are delivered, we will be able to determine how many computers are affected.

      1. 1

        hm? This is old.

        1. 1

          Prior references?

          1. 1

            Sorry, I was referring to this, which is apparently a different issue.

            https://googleprojectzero.blogspot.com/2017/04/over-air-exploiting-broadcoms-wi-fi_4.html

            You’re probably right about the blackhat conference-related hype.

            That being said, if this is a family of exploits, then… What do you get when there is an exploit in a device that can be triggered by a transmission from another of the same type of device? Phone to phone, let’s say… Wifi has a pretty long range!

        2. 1

          Ahhhhhhhhhh. Okay. That explains a lot :D