
ThreadX harbours serious bug, Billions of Wi-Fi enabled devices said to be affected

  • Researcher outlines how ThreadX can be compromised in Marvell Avastar wireless chipsets.
  • ThreadX-based Avastar is found in popular devices such as Sony PlayStation 4, Microsoft Surface devices, Xbox One, Samsung Chromebook and many others.

ThreadX RTOS, a popular OS found in almost every consumer electronics device, is believed to have a serious flaw in its firmware.

Embedi, a firm that provides security solutions for electronic devices, discovered this bug. One of its researchers, Denis Selianin, has studied it extensively and has provided a detailed analysis.

Analyzing Wi-Fi components

Selianin’s study analyzed the firmware that drives the Wi-Fi functionality of the Marvell Avastar wireless SoC chipset series. A vulnerability lay in the ThreadX component which was recurring frequently.

“One of the discovered vulnerabilities was a special case of ThreadX block pool overflow. This vulnerability can be triggered without user interaction during the scanning for available networks. This procedure is launched every 5 minutes regardless of a device being connected to some Wi-Fi network or not. That’s why this bug is so cool and provides an opportunity to exploit devices literally with zero-click interaction at any state of the wireless connection (even when a device isn’t connected to any network),” explained Selianin.

The researcher also emphasized another vulnerability, one that is applicable to devices with a ThreadX implementation other than that of Avastar. Taken together, these vulnerabilities can be used to exploit billions of Wi-Fi enabled devices that are generally powered by ThreadX.

Selianin suggests that wireless devices have more attack surfaces. Furthermore, device drivers have higher escalation rates from a device to a host processor. As of now, this vulnerability is not completely mitigated in affected devices, and ThreadX has yet to come out with a proper patch.


Cyware Publisher