• Introducing XDA Computing: Discussion zones for Hardware, Software, and more!    Check it out!
Search This thread

allrightlite

Senior Member
Oct 18, 2016
1,627
342
Google Pixel 3a
All fine on Z Play with LOS14.1 :eek:
 

Attachments

  • photostudio_1501254388573.jpg
    photostudio_1501254388573.jpg
    253.4 KB · Views: 1,423

boostnek9

Senior Member
Feb 12, 2010
570
272
Toronto
Is this checking 43XX or only specific models? Based on the CVE my S8 is affected seeing as it's BCM43xx (S8 is BCM4361 )
 

AlexX-DE

Senior Member
Apr 7, 2013
408
331
Germany
All fine on my Motorola Nexus 6 with latest Pure Nexus Rom :good:

Sent from my Nexus 6 using XDA Labs
 

Attachments

  • Screenshot_20170728-201717.png
    Screenshot_20170728-201717.png
    121.8 KB · Views: 864

PhantasmRezound

Senior Member
Mar 15, 2012
865
515
Atlanta, GA
www.soundcloud.com
WARNING TO ALL

Bogus results, do not trust this app at the time of this post! States my WiFi chip in my LG G5 is "made by LG Electronics" and I'm safe from BroadPwn. However, a physical teardown (https://www.ifixit.com/Teardown/LG+G5+Teardown/61205) clearly shows the motherboard using a vulnerable Broadcom BCM43xx series chip, namely Broadcom BCM43455.

LG's own Security Bulletin page also has not listed BroadPwn's code CVE-2017-9417 yet, so it is still not patched by the manufacturer and thus is vulnerable. (https://lgsecurity.lge.com/security_updates.html)

The information this app is pulling from the system is inaccurate. MAC Addresses tell you the manufacturer of the entire device, NOT the specific WiFi chip on the motherboard itself. Otherwise Samsungs and LGs and Apples would *all* be listed as "Broadcom" in router logs...

Many here actually have Broadcom chips and are now duped into a false sense of security as a result of this app. This needs to be removed from here and the XDA Portal ASAP before more are fooled. Users, please remain skeptical and investigate your hardware more closely than just this one app.
 

LLStarks

Senior Member
Jun 1, 2012
1,596
611
Please update the app to detect BCM4361 in S8/S8+. It should not be looking at the Murata packaging.
 

SARG04

New member
Oct 14, 2016
4
3
The app uses the wifi mac address and runs it again a mac address database.
That is not a working solution to detect the wifi chip in a smartphone.
The OnePlus 3 uses a Qualcomm QCA6174 chip. But it is detected as "OnePlus Tech (Shenzhen)Ltd" because they use their own mac address like nearly every smartphone vendor

It would be better to use other hardware IDs e.g. the one you get via lspci.

If you are not checking the patch level the Nexus 6 should be listed as vulnerable as it is listed in the original article.
 

vndnguyen

Senior Member
Sep 11, 2009
4,254
1,920
Vinnitsa
MAC Addresses tell you the manufacturer of the entire device, NOT the specific WiFi chip on the motherboard itself.
Nope, the above quoted clause is not correct.

My Galaxy Note 4 comes with the WiFi MAC address 90:B6:86:1A:74:FE and it's from Murata Manufacturing Co. (a manufacturer from Japan), not from Samsung itself.
 
  • Like
Reactions: celoxocis

PhantasmRezound

Senior Member
Mar 15, 2012
865
515
Atlanta, GA
www.soundcloud.com
Nope, the above quoted clause is not correct.

My Galaxy Note 4 comes with the WiFi MAC address 90:B6:86:1A:74:FE and it's from Murata Manufacturing Co. (a manufacturer from Japan), not from Samsung itself.

Let me clarify by revising that statement to be "MAC Address will tell you the network components' vendor (may or may not match manufacturer of the rest of the device), but NOT the specific chips used as part of the networking circuits."

That's why BroadPwn is a very scary exploit, the Broadcom 43xx chips are used as part of many different networking packages and rebrandings from vendors other than Broadcom itself. This chip family is so common it affects billions of mobile devices.

**Your rebuttal precisely shows yourself to be at risk.**

Murata Manufacturing Co. is sourced on many Smasung devices to provide networking components, but they source specific chips from others. If you look at their products pages you will find they list the specific chipsets used, many of which are Cypress brand chips. e.g. http://wireless.murata.com/eng/products/rf-modules-1/wi-fi-bluetooth.html

Cypress acquired Broadcom; all CYW43xx chips are direct renames of BCM43xx chips mentioned at the heart of the BroadPwn exploit. http://www.cypress.com/documentatio...wifi-ieee-80211ac-macbasebandradio-integrated (PDF link on that page explains the renaming of the chip series.)

To summarize: Samsung often uses Murata packages, which include Cypress, which includes Broadcom. In the case of your Galaxy Note 4, it has a BCM4358 chip in it.
http://www.anandtech.com/show/8613/the-samsung-galaxy-note-4-review/9

BCM4358 is specifically listed as a known vulnerable target of the BroadPwn exploit. It will be discussed in detail at Black Hat USA 2017.
https://nvd.nist.gov/vuln/detail/CVE-2017-9417
https://www.blackhat.com/us-17/brie...os-via-a-bug-in-broadcoms-wi-fi-chipsets-7603

If I may ask the exact method of your app, is it simply looking up the MAC Address against a vendor database? If so,1) Vendors not named Broadcom that use BCM43XX chips as a piece of their packages will erroneously show as OK, and 2) Broadcom's own networking products not including chips from the BCM43XX family may falsely be reported as vulnerable.

All of this said, please reconsider keeping your app published as it is; either take it down or revise the code ASAP. To reiterate it is dangerous to erroneously tell other device owners they are safe based on MAC Address info alone, just because it returns a vendor value other than "Broadcom". A vulnerable BCM43xx chip likely still lurks underneath the other names.
 
Last edited:

vndnguyen

Senior Member
Sep 11, 2009
4,254
1,920
Vinnitsa
OK thank you all for your clarifications.

To avoid misunderstanding, I have removed the "BroadPwn check".
The app now only shows WiFi MAC vendor from the WiFi MAC address.
It does not check for the BroadPwn issue anymore.

Sorry for the inconvenience.
 

Top Liked Posts

  • There are no posts matching your filters.
  • 19
    This app simply shows WiFi chipset vendor from the WiFi MAC Address.

    Download WiFi Chipset INFO: https://play.google.com/store/apps/details?id=org.vndnguyen.wifichipset

    Enjoy!
    8
    WARNING TO ALL

    Bogus results, do not trust this app at the time of this post! States my WiFi chip in my LG G5 is "made by LG Electronics" and I'm safe from BroadPwn. However, a physical teardown (https://www.ifixit.com/Teardown/LG+G5+Teardown/61205) clearly shows the motherboard using a vulnerable Broadcom BCM43xx series chip, namely Broadcom BCM43455.

    LG's own Security Bulletin page also has not listed BroadPwn's code CVE-2017-9417 yet, so it is still not patched by the manufacturer and thus is vulnerable. (https://lgsecurity.lge.com/security_updates.html)

    The information this app is pulling from the system is inaccurate. MAC Addresses tell you the manufacturer of the entire device, NOT the specific WiFi chip on the motherboard itself. Otherwise Samsungs and LGs and Apples would *all* be listed as "Broadcom" in router logs...

    Many here actually have Broadcom chips and are now duped into a false sense of security as a result of this app. This needs to be removed from here and the XDA Portal ASAP before more are fooled. Users, please remain skeptical and investigate your hardware more closely than just this one app.
    7
    Nope, the above quoted clause is not correct.

    My Galaxy Note 4 comes with the WiFi MAC address 90:B6:86:1A:74:FE and it's from Murata Manufacturing Co. (a manufacturer from Japan), not from Samsung itself.

    Let me clarify by revising that statement to be "MAC Address will tell you the network components' vendor (may or may not match manufacturer of the rest of the device), but NOT the specific chips used as part of the networking circuits."

    That's why BroadPwn is a very scary exploit, the Broadcom 43xx chips are used as part of many different networking packages and rebrandings from vendors other than Broadcom itself. This chip family is so common it affects billions of mobile devices.

    **Your rebuttal precisely shows yourself to be at risk.**

    Murata Manufacturing Co. is sourced on many Smasung devices to provide networking components, but they source specific chips from others. If you look at their products pages you will find they list the specific chipsets used, many of which are Cypress brand chips. e.g. http://wireless.murata.com/eng/products/rf-modules-1/wi-fi-bluetooth.html

    Cypress acquired Broadcom; all CYW43xx chips are direct renames of BCM43xx chips mentioned at the heart of the BroadPwn exploit. http://www.cypress.com/documentatio...wifi-ieee-80211ac-macbasebandradio-integrated (PDF link on that page explains the renaming of the chip series.)

    To summarize: Samsung often uses Murata packages, which include Cypress, which includes Broadcom. In the case of your Galaxy Note 4, it has a BCM4358 chip in it.
    http://www.anandtech.com/show/8613/the-samsung-galaxy-note-4-review/9

    BCM4358 is specifically listed as a known vulnerable target of the BroadPwn exploit. It will be discussed in detail at Black Hat USA 2017.
    https://nvd.nist.gov/vuln/detail/CVE-2017-9417
    https://www.blackhat.com/us-17/brie...os-via-a-bug-in-broadcoms-wi-fi-chipsets-7603

    If I may ask the exact method of your app, is it simply looking up the MAC Address against a vendor database? If so,1) Vendors not named Broadcom that use BCM43XX chips as a piece of their packages will erroneously show as OK, and 2) Broadcom's own networking products not including chips from the BCM43XX family may falsely be reported as vulnerable.

    All of this said, please reconsider keeping your app published as it is; either take it down or revise the code ASAP. To reiterate it is dangerous to erroneously tell other device owners they are safe based on MAC Address info alone, just because it returns a vendor value other than "Broadcom". A vulnerable BCM43xx chip likely still lurks underneath the other names.
    5
    I believe this app just looks at the MAC Address OUI of your wifi interface - which is not an accurate way of determining if your phone is potentially vulnerable to Broadpwn
    3
    v1.0.2: Minor bug fixes.
    v1.0.1: Initial release.