A new series of attacks has been disclosed by security researchers from the University of Darmstadt, Brescia, CNIT, and the Secure Mobile Networking Lab.
The flaws affect billions of Wi-Fi chips and allow an attacker to extract passwords and manipulate traffic on affected devices. All of the vulnerabilities stem from resources that are shared between the Wi-Fi and Bluetooth components.
Modern mobile devices ship with several wireless features for the convenience of users, but threat actors are targeting those features to carry out attacks.
This new class of attack targets a range of system-on-chip (SoC) designs manufactured by Broadcom, Cypress, and Silicon Labs.
The resource sharing is done to make the SoCs more energy-efficient and to provide higher throughput and lower latency in communications.
Architecture & Protocol with multiple flaws
Once aware of the problem, the researchers investigated further and found that an attacker first needs to achieve code execution on either the Wi-Fi chip or the Bluetooth chip.
Once code execution is obtained on one chip, lateral attacks on the device’s other chip become possible simply by using the shared memory resources.
Here is the list of vulnerabilities:-
- CVE-2020-10368: WiFi unencrypted data leak (architectural)
- CVE-2020-10367: Wi-Fi code execution (architectural)
- CVE-2019-15063: Wi-Fi denial of service (protocol)
- CVE-2020-10370: Bluetooth denial of service (protocol)
- CVE-2020-10369: Bluetooth data leak (protocol)
- CVE-2020-29531: WiFi denial of service (protocol)
- CVE-2020-29533: WiFi data leak (protocol)
- CVE-2020-29532: Bluetooth denial of service (protocol)
- CVE-2020-29530: Bluetooth data leak (protocol)
Effect & Remediation
The affected chips are made by Broadcom, Cypress, and Silicon Labs, and the researchers found them in a wide range of electronic devices.
All of the flaws have been reported to the chip vendors, and some vendors have already released security updates.
Others have not released any updates, either because they no longer support the affected products or because a firmware patch is practically infeasible.
Cypress published some security fixes in June 2020 and updated them again in October; the fixes are summarized below:-
- The shared RAM feature that makes code execution possible is “enabled by development tools for testing mobile phone platforms.”
- Keyboard packets are mostly identifiable through other means; therefore, the keystroke data leak is marked as resolved without a patch.
- Cypress plans to implement a monitoring feature in the Wi-Fi and Bluetooth stacks that responds to abnormal traffic patterns, providing DoS resistance.
In addition, a few simple protective measures are recommended:-
- Delete unnecessary Bluetooth device pairings.
- Remove unused WiFi networks from the settings.
- Use cellular instead of WiFi in public spaces.
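The second recommendation, removing unused Wi-Fi networks, is easier to act on when you can see which saved profiles have gone stale. The script below is an added example for this article, not something the researchers or any vendor published. It parses lines in the shape `NAME:TYPE:TIMESTAMP` and reports wireless profiles whose last use is older than a chosen number of days; the sample input is constructed, and the assumption is a Linux host with NetworkManager, where `nmcli -t -f NAME,TYPE,TIMESTAMP connection show` produces that format (profile names containing a colon would need the escaping nmcli applies, which this parser does not handle).

```shell
#!/bin/sh
# Report saved Wi-Fi profiles that have not been used within MAX_AGE_DAYS.
#
# Input lines: NAME:TYPE:TIMESTAMP, the same shape as
#   nmcli -t -f NAME,TYPE,TIMESTAMP connection show
# TIMESTAMP is the Unix time of last use; 0 means the profile was never used.
# (Assumed environment: Linux with NetworkManager; this is example code.)

# stale_wifi_profiles NOW MAX_AGE_DAYS  < input
# Prints the NAME of each 802-11-wireless profile whose last use is earlier
# than NOW minus MAX_AGE_DAYS. Never-used profiles (timestamp 0) are included,
# since a network that was saved but never joined is also worth removing.
stale_wifi_profiles() {
    now="$1"
    max_days="$2"
    cutoff=$((now - max_days * 86400))
    while IFS=: read -r name type ts; do
        # Only Wi-Fi profiles matter here; skip ethernet, VPN, etc.
        [ "$type" = "802-11-wireless" ] || continue
        # Treat a missing timestamp field as "never used".
        [ -n "$ts" ] || ts=0
        if [ "$ts" -lt "$cutoff" ]; then
            printf '%s\n' "$name"
        fi
    done
}

# Constructed sample input (not output from any real device).
SAMPLE='HomeNet:802-11-wireless:1700000000
CoffeeShop:802-11-wireless:1650000000
OldHotel:802-11-wireless:0
Wired connection 1:802-3-ethernet:1700000000'

# count_stale NOW MAX_AGE_DAYS: number of stale Wi-Fi profiles in SAMPLE.
count_stale() {
    printf '%s\n' "$SAMPLE" | stale_wifi_profiles "$1" "$2" | wc -l | tr -d ' '
}

# Stand-alone run: with NOW=1700000000 and a 90-day window, CoffeeShop and
# OldHotel are reported, HomeNet is kept, and the ethernet profile is ignored.
printf '%s\n' "$SAMPLE" | stale_wifi_profiles 1700000000 90
```

On a live system, replace the sample with the real nmcli output and the current time, for example `nmcli -t -f NAME,TYPE,TIMESTAMP connection show | stale_wifi_profiles "$(date +%s)" 90`, review the list, and then remove each profile you no longer need with `nmcli connection delete "<NAME>"`. Listing first and deleting second keeps the operation reviewable rather than destructive by default.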
Applying the fixes and measures above will certainly lower the risk of this kind of attack, but the most dangerous element of the attack remains largely unfixed.