Researchers have recently published a paper showing that it is possible to manipulate traffic and extract passwords on a WiFi chip. The researchers targeted the Bluetooth component in devices by exploiting multiple bugs.
New attacks on Wi-Fi
According to the research paper, mobile devices use separate wireless chips to manage wireless technologies. These chips share components and resources, which improves the efficiency of a device.
Hackers may exploit those shared resources (e.g., the antenna or wireless spectrum) to launch lateral privilege escalation attacks across wireless chip boundaries. Experts call these coexistence attacks, and they impact billions of devices worldwide.
WiFi chips normally encrypt network traffic and hold the current WiFi credentials. An attacker can run malicious code on a compromised WiFi chip, even when it is not connected to a wireless network, and pilfer passwords.
In the current demo, the researchers showed privilege escalation from a Bluetooth chip to code execution on a Wi-Fi chip. This enables a third party to identify keystroke timings on Bluetooth keyboards to reconstruct entered text.
Practical coexistence attacks
The researchers demonstrated coexistence attacks on Cypress, Silicon Labs, and Broadcom chips. They also achieved WiFi code execution, denial of service, and memory readout. Attackers can also execute code by abusing an unpatched over-the-air security issue or the local OS update mechanism. More worrying, some of these issues cannot be fixed without changing the hardware design.
The research paper has been shared with chip vendors, but only some have released security updates against the bug so far. As many devices remain exposed to the attack, chip vendors are requested to take proactive measures for better protection.