Raspberry Pi owners: Update now to block this Wi-Fi hack

The update from the old Debian Jessie-based version of Raspbian includes various security fixes, including a patch for the Broadpwn Wi-Fi vulnerability.

The official OS for the $35 Raspberry Pi computer has been updated, fixing a bug that could allow the Pi to be hacked via its Wi-Fi chip.

The Pi's official Raspbian OS is built on the Linux-based OS Debian and has been updated to the latest Debian 9 release, known as Stretch.

The update from the old Debian Jessie-based version of Raspbian includes various security fixes, including a patch for the Broadpwn vulnerability.

Broadpwn is a bug in the Broadcom 43xx Wi-Fi chipset used by the Raspberry Pi 3 and the $10 Pi Zero W. The vulnerability, CVE-2017-9417, leaves the chipset susceptible to a memory-corruption exploit that allows an attacker within Wi-Fi range to execute attack code on the Wi-Fi chip.

The same Wi-Fi chip is used in recent iPhones and iPads, and last month Apple updated iOS 10 to patch the bug.

The Stretch update also shuts down another route for attackers by changing the permissions assigned to the X.Org windowing system that powers Raspbian's graphical desktop, as well as improving built-in cryptography tools.

More than 14 million Raspberry Pi boards have been sold, making the boards an increasingly tempting platform for malware makers. In June, it emerged the board was being targeted by a cryptocurrency mining Trojan.

Apart from the under-the-hood changes that the Stretch update brings to Raspbian, the Raspberry Pi Foundation has also refreshed a few of Raspbian's bundled applications.

The Chromium web browser has been updated to the most recent stable release, version 60, which the Foundation says should improve performance and make memory usage more efficient.

Desktop applications will also no longer assume that the user 'pi' is the current user, and will automatically log in with the name of the current user instead. Desktop applications that require sudo access will also ask for the password when required, rather than simply failing to work.

Drag-and-drop coding tool Scratch 2 can now also be used with SenseHAT, an add-on board that is bundled with various sensors, a joystick and an LED matrix that the Pi can interact with. Meanwhile, SonicPi has also been upgraded to add new input/output functionality.

The latest version of Raspbian is available from the Downloads section of the Raspberry Pi Foundation site. Existing versions of Raspbian based on Debian Jessie can also be upgraded via the command line using instructions on this page, although this approach is not guaranteed to work.
