Mobile Phones Under Attack from Bluetooth & Wi-Fi
First published: 07/11/2019
updated: 22/10/2022
Erik Vasaasen
As the use of mobile phones grow, so does our need for concern regarding the safety of user information. Here we discuss what causes mobile vulnerabilities, and how we at Okay are working to ensure safe execution environments.
Insecure Wi-Fi Firmware
Over the years, there have been countless reports regarding the vulnerabilities threatening our mobile phones. It’s why many of us in the payment security field consider it to be the ‘mobile OS headache’. Take 2017 for example, when one such story emerged about the Wi-Fi chip made by Broadcom - a tiny piece of technology powering almost all modern smartphones.
The vulnerability, known as ‘BroadPwn’, allowed a smartphone to be infected simply by looking for known networks, something that all mobile phones do regularly. In theory, the vulnerability could be used convert the Wi-Fi chip into an access point. This allowed it to automatically spread itself to other phones, giving it the potential to spread across the world in just a few hours.
Any phone without an updated operating system was vulnerable for the attack, exposing over a billion users. Furthermore, Broadcom also made chips for computers, so if a laptop didn’t have an updated OS or drivers, it too was likely vulnerable. You can read more about what happened with BroadPwn with this overview published on Wired in 2017.
Insecure Bluetooth Drivers
While the Broadcom vulnerability was based on insecure Wi-Fi firmware, a different vulnerability can be found in Bluetooth drivers across Windows, Linux (including Android), and in older iOS versions.
This vulnerability allows an attacker to connect to an active Bluetooth device, and by sending a specially crafted connection packet, it is possible to execute code included within the packet. This attack is different from the vulnerability in the Broadcom chip in the way it requires the attacker to connect to you, and that the vulnerability is actually in OS software, not in the firmware run directly on the chip.
Common to both of these attacks is that they are “click-less”. In other words, there is no interaction required from the user of the phone. This makes the attack extremely dangerous, as there is no way to know whether you’ve been exposed to an attack or not. The only possible exception comes from having both Bluetooth and Wi-Fi disabled on your phone.
Feel Secure with Okay
At Okay, we believe that it’s not possible to claim any operating system on a modern smartphone as one hundred percent secure. New or old, all phones face well-known security vulnerabilities, although the ones found so far likely represent only a small fraction of culprits.
One example is that the 3G and GSM chips found in modern smartphones often have firmware going back a decade. Obviously the producers of these chips never imagined how easy it would be to one day make your own, making it a given that there are vulnerabilities in these chips.
In order to protect your applications, Okay has chosen a different route: enabling a secure execution environment inside your apps for each individual transaction verification. Unique to the software release, this makes it much harder for an attacker to infiltrate your app.
At are core, we are a Strong Customer Authentication platform that combines secure execution environments, dynamic linking, and verification of possession. To prepare for The Revised Payment Services Directive (PSD2) requirements, download our white paper which offer more information on the Okay platform, as well as current industry challenges related to SCA.