Researchers recently released a paper demonstrating that a WiFi chip may be used to manipulate traffic and extract passwords. By exploiting multiple bugs, the researchers targeted a Bluetooth component in devices.
The research paper noted that mobile devices use separate wireless chips to manage wireless technologies. These chips share the same components and resources, which improves a device’s efficiency.
Hackers could exploit the shared resources such as antennas or wireless spectrum to launch lateral privilege escalation attacks across wireless chip boundaries. Coexistence attacks, as they’re known among experts, affect billions of devices around the world.
WiFi chips encrypt network traffic and store the current WiFi credentials in most cases. Without being connected to a wireless network, an attacker can run malicious code on a hacked WiFi chip and steal passwords.
Researchers demonstrated privilege escalation from a Bluetooth chip to code execution on a Wi-Fi chip. This allows a third party to reconstruct entered text by identifying keystroke timings on Bluetooth keyboards.
Real Coexistence Attacks
The researchers demonstrated coexistence attacks on Cypress, Silicon Labs, and Broadcom chips. They also achieved WiFi code execution, denial of service, and memory readout.
By exploiting an unpatched security issue over the air or through the local OS update mechanism, attackers can also execute malicious code. What is more worrisome is that some of these issues cannot be solved without a change in hardware design.
The research paper has been shared with the chip vendors, and only a few have released security fixes against the bug. As several devices are still vulnerable to the attack, chip vendors are being urged to take proactive action to improve security.