Mobile Threat Catalogue

Device Driver or Firmware Software Exploit


Threat Category: Device Drivers


Threat Description: Privilege escalation, input validation, or buffer overflow vulnerabilities in a device driver or the associated firmware may allow an attacker to achieve arbitrary code execution in the context of the firmware or OS kernel, information disclosure, or denial-of-service attacks.

Threat Origin

Android Security Bulletin June 2016 1

Exploit Examples

Broadpwn: Remotely Compromising Android and iOS via a bug in the Broadcom’s Wi-Fi Chipset 2

CVE Examples

Possible Countermeasures


Use EMM/MDM solutions in combination with devices that successfully enforce a policy to maintain a minimum OS patch level and block access to enterprise resources to non-compliant or devices with known-exploitable vulnerabilities.

Purchase devices from vendors/carriers who have committed to providing timely updates or have good track records for providing prompt security updates.

Use EMM/MDM solutions in combination with other tools or device APIs (Android SafetyNet, Samsung Knox hardware-backed remote attestation, or other applicable remote attestation technologies) to detect and block enterprise connectivity from devices that show indications of device compromise.

To reduce the probability an exploit for a driver for a peripheral or OS-provided service that can be disabled via device management APIs, use EMM/MDM solutions in combination with devices that successfully enforces a policy to disable unauthorized resources, including temporarily disabling known-vulnerable resources until a security patch is available.

Mobile Device User

To reduce the probability an exploit for a driver for an access-controlled peripheral or OS-provided service (e.g., camera, microphone), use OS configuration settings to disable or block access to these resources, with a preference for global settings (e.g., disabling NFC device-wide) over app-specific permissions.


  1. “Android Security Bulletin June 2016”, 8 Dec. 2016; [accessed 8/29/2016] 

  2. N. Artenstein, “Broadpwn: Remotely Compromising Android and IOS Via a Bug in the Broadcom Wi-Fi Chipset”, [white paper], 2017; [accessed 08/08/2017]