With ‘Spectra’, Researchers Highlight Fundamental Design Flaws in Wireless Communications Chips

Just a few days after the discovery of the Bluetooth-based BIAS attacks, researchers have made another groundbreaking discovery, one capable of challenging the fundamentals of architecture design for all wireless devices.

The Spectra Attack

A new attack, dubbed Spectra, is said to be capable of breaking the separation between Wi-Fi and Bluetooth technologies running on the same device, such as laptops, smartphones, and tablets.
  • In May 2020, researchers in Germany developed the attack dubbed Spectra, which takes advantage of the coexistence mechanisms of multiple wireless technologies included on a single chipset.
  • This attack works against "combo chips," specialized chips that handle multiple types of radio wave-based wireless communications, such as Wi-Fi, Bluetooth, LTE, etc. By carrying out side-channel attacks, an attacker can steal data from other wireless technologies the combo chip supports.
  • The analyzed chipsets include Broadcom and Cypress combo chips, which are used in millions of devices, such as all iPhones, MacBooks, and the Samsung Galaxy S series phones. Other combo chipset manufacturers are likely vulnerable to Spectra attacks as well.
  • The researchers did not provide more technical details about this attack, but they plan to present the details in August at the Black Hat 2020 security conference.

Recent groundbreaking discoveries

  • In May 2020, a vulnerability dubbed ‘Bluetooth Impersonation AttackS’ (BIAS) was identified in a large number of commercially available Bluetooth devices, including those from all major vendors selling smartphones, laptops, tablets, headphones, and system-on-chip boards, impacting billions of devices.
  • In February 2020, a serious flaw dubbed KrØØk was found in Wi-Fi chips manufactured by Broadcom and Cypress, which impacted billions of Wi-Fi devices in use. It could cause the vulnerable devices to use an all-zero encryption key to encrypt part of the user’s communication, thus rendering encryption useless.

The bottom line

With the explosion of software-based vulnerabilities exploited in hacking attacks, organizations globally have paid less attention to some fundamental flaws in critical hardware components such as wireless communications chipsets and processors. Now, the discovery of the Spectra attack and other such threats has highlighted the need for increased research and mitigation efforts for hardware-based vulnerabilities.