OpenSource For You
Raspberry Pi gets a fix for Broadpwn Wi-Fi exploit
Days after the release of Debian 9, the Raspberry Foundation has brought out a new Raspbian OS version. The new update, codenamed Stretch, includes a list of optimisations and fixes a vulnerability that had impacted several mobile devices and single-board computers in the past.
Called Broadpwn, the bug was discovered in the firmware of the BCM43xx wireless chipset in July this year. It affected a wide range of hardware, including Raspberry Pi 3 and Pi Zero
W, as well as various iPhone and iPad models. Potentially, the zero-day vulnerability lets an attacker take over the wireless chip and execute a malicious code on it. The Stretch release comes with a patch for the loophole to avoid instances of any hacks and attacks on Raspberry Pi.
While the Jessie build had PulseAudio to enable audio support over Bluetooth, the new Raspbian release has the bluez-alsa package that works with the popular ALSA architecture. You can use a plugin to continue to use PulseAudio.
The latest version also has better handling of usernames other than the default ‘pi’ account. Similarly, desktop applications that were previously assuming the ‘pi’ user with passwordless sudo access will now prompt for the password.
Raspbian Scratch has additionally received an offline version of the Scratch 2 with Sense HAT support. Besides, there is an improved Sonic Pi and an updated Chromium Web browser.
The Raspberry Pi Foundation recommends that users update their single-board computers using a clean image. You can download the same from its official site. Alternatively, you can update your Raspberry Pi by modifying the sources.list and raspi.list files. The manual process also requires renaming of the word ‘jessie’ to ‘stretch’.