• Billions of Wi-Fi and Bluetooth devices vulnerable to password an

    From TechnologyDaily@1337:1/100 to All on Wed Dec 15 02:15:04 2021
    Billions of Wi-Fi and Bluetooth devices vulnerable to password and data theft attacks

    Date:
    Wed, 15 Dec 2021 02:00:25 +0000

    Description:
    Researchers have discovered a way to use shared resources on SoCs as bridges to launch lateral privilege escalation attacks.

    FULL STORY ======================================================================

    A new research paper has been published revealing that an attacker can
    extract passwords and manipulate web traffic on a Wi-Fi chip by targeting the Bluetooth component of mobile devices featuring multiple wireless technologies.

    Smartphones, tablets and other modern mobile devices feature Systems on a
    Chip (SoC) that contain separate Bluetooth, Wi-Fi and LTE components, each
    with its own dedicated security implementation. However, these components
    often share many of the same resources, like a device's antenna or wireless spectrum.

    Researchers from the University of Darmstadt, Brescia, CNIT and the Secure Mobile Networking Lab have discovered that it's possible to use these shared resources as a bridge for launching lateral privilege escalation attacks across wireless chip boundaries, according to a new report from Bleeping Computer.

    If an attacker is able to exploit these vulnerabilities, they could achieve code execution, memory readout and denial of service.

    Architecture and protocol flaws

    In order to exploit these flaws, the researchers first needed to perform code execution on either the Bluetooth or Wi-Fi chip. After this was accomplished, they were then able to perform lateral attacks on a device's other chips by using shared memory resources.

    In total, the researchers found nine different vulnerabilities. While some can be fixed with a firmware update, others can only be fixed by a new hardware revision, which puts billions of existing devices at risk of potential attacks.

    During their testing, the researchers looked into chips from Broadcom, Silicon Labs and Cypress, which are present in billions of devices. After they
    reported the flaws to these chip vendors, some released security updates to address them. However, some haven't addressed them as they affect products that are no longer supported, like the Nexus 5 and iPhone 6.

    To prevent falling victim to any attacks exploiting these flaws, users should delete unnecessary Bluetooth device pairings, remove unused Wi-Fi networks from their device's settings and use mobile data instead of public Wi-Fi.

    We'll likely hear more on these flaws once device manufacturers begin rolling out new firmware updates but unfortunately, some of these flaws may never be patched.

    Via Bleeping Computer



    ======================================================================
    Link to news story: https://www.techradar.com/news/billions-of-wi-fi-and-bluetooth-devices-vulnerable-to-password-and-data-theft-attacks/


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)