Hi all,

About a month ago, we learned that there was a vulnerability in the WiFi firmware on many phones [1]. I didn't know until then that the WiFi device has its own system-on-a-chip (SoC) that runs its own code, and has access to system RAM. The vulnerability apparently allows an attacker to execute arbitrary code in the SoC, and from there take over the entire device [2][3].

Apple, to their credit, patched a range of obsolete devices in addition to current ones [4]. Google seems to only be patching current devices, and it seems unlikely that other Android manufacturers will push out an update to old devices either. The response from the Android community seems to be to bury their heads in the sand [5]. When I asked in #lineageos about it, I got the impression that they couldn't include the patched firmware for my device (although things may have changed).

I find this all incredibly frustrating. I have an otherwise perfectly good Nexus 5, which now has to have WiFi permanently disabled. Effectively I need a new phone. A pox on proprietary firmware and impractical update mechanisms!

A user on Slashdot said to "vote with your wallet". But there doesn't seem to be a good option: iPhone, which isn't remotely open but at least seems to get patched, or Android, which claims to be open but is closed where it really counts. Is there a practical third option that I'm missing?

Sorry for the rant. Is anyone else as frustrated by this as I am?

Alex

[1] https://googleprojectzero.blogspot.com.au/2017/04/over-air-exploiting-broadc...
[2] https://googleprojectzero.blogspot.com.au/2017/04/over-air-exploiting-broadc...
[3] https://security.stackexchange.com/questions/157336/does-a-compromised-kerne...
[4] https://it.slashdot.org/comments.pl?sid=10454409&cid=54183761
[5] https://android.stackexchange.com/questions/172993/ota-wifi-vulnerability-wh...