A new research paper has been published revealing that an attacker can extract passwords and manipulate web traffic on a Wi-Fi chip by targeting the Bluetooth component of mobile devices featuring multiple wireless technologies.
Smartphones, tablets and other modern mobile devices feature Systems on a Chip (SoCs) that contain separate Bluetooth, Wi-Fi and LTE components, each with its own dedicated security implementation. However, these components often share many of the same resources, such as a device’s antenna or wireless spectrum.
Researchers from the University of Darmstadt, Brescia, CNIT and the Secure Mobile Networking Lab have discovered that it’s possible to use these shared resources as a bridge for launching lateral privilege escalation attacks across wireless chip boundaries, according to a new report from Bleeping Computer.
If an attacker is able to exploit these vulnerabilities, they could achieve code execution, memory readout and denial of service.
Architecture and protocol flaws
To exploit these flaws, the researchers first needed to achieve code execution on either the Bluetooth or Wi-Fi chip. Once this was accomplished, they were able to perform lateral attacks on a device’s other chips by using shared memory resources.
In total, the researchers found nine different vulnerabilities. While some can be fixed with a firmware update, others can only be fixed by a new hardware revision, which puts billions of existing devices at risk of potential attacks.
During their testing, the researchers looked into chips from Broadcom, Silicon Labs and Cypress, which are present in billions of devices. After they reported the flaws to these chip vendors, some released security updates to address them. However, some haven’t addressed them, as they affect products that are no longer supported, like the Nexus 5 and iPhone 6.
To prevent falling victim to any attacks exploiting these flaws, users should delete unnecessary Bluetooth device pairings, remove unused Wi-Fi networks from their device’s settings and use mobile data instead of public Wi-Fi.
We’ll likely hear more on these flaws once device manufacturers begin rolling out new firmware updates, but unfortunately some of these flaws may never be patched.
Via Bleeping Computer