If you have not updated your Android phone in July, or your Apple iPhone in the past week, you must update it now; if you do not, you risk hackers breaking into your phone--potentially intercepting your communications, seeing your data, or worse.
At Blackhat, security researcher Nitay Artenstein revealed that he had detected a serious bug in the firmware--that is, the built-in software that controls and monitors--a Broadcom chip commonly used by smartphone providers (commonly meaning every iPhone and many modern Android phones including Google's Nexus and Samsung's Galaxy series) to deliver part of their WiFi capabilities. Before disclosing the bug to the public, Artenstein reported it to Google and Apple, both of which have both issued patches that are delivered within the recent updates.
The bug that Artenstein discovered--which he has named Broadpwn--allows a hacker within Wi-Fi range of an unpatched phone to hack the phone, as well as to transform it into a rogue WiFi access point that would infect any smart devices that attach to it. The bug was part of the Broadcom firmware's code for "association"- the process which enables phones to search for familiar WiFi networks. The a bug allowed hackers to achieve what is known as a heap overflow- the software did not adequately ensure that data sent by the discovered Wi-Fi access point to the Broadcom chip arrived in proper form and size. By carefully coding, a hacker could send data to the Broadcom chip that would overflow into other parts of the smartphone's memory--allowing him or her to potentially send in commands that the device would execute.
The vulnerability--which highlights the difficult-to-address risk created by the practically unavoidable need of vendors to use third-party components within their smart devices--is believed to have been present in about one billion devices (yes, billion with a b) - but anyone who installed updates should be protected from it. So, if you have not run an update on your phone recently, the time to do so is now.