- A researcher demonstrated how Android phones can be taken over via attacks deployed through compromised Wi-Fi signals, according to ARS Technica.
- The vulnerability allowed the execution of malicious code on a fully updated Android phone "by Wi-Fi proximity alone, requiring no user interaction."
- The problem is made possible by a Wi-Fi chipset made by Broadcom and used in iOS and Android devices. Apple issued a patch earlier this week.
The vulnerability is notable because Google's Android just became the most popular operating system (OS), web analytics company StatCounter announced this week. Because Google never developed an easy way to fix vulnerabilities, Android users are without a patch bundle. It is expected sometime this month.
Some security experts have suggested Android users disable their Wi-Fi, but in this case that won't necessarily prevent the problem. Others suggest avoiding connecting to public Wi-Fi hotspots.
IT leaders may want to remind mobile workers that, with or without the latest vulnerability, connecting to unsecured Wi-Fi hotspots can compromise enterprise security. Experts suggest people employ a VPN when joining public Wi-Fi, which anonymizes their data while connecting to public hotspots to ensure that connections remain secure.