Stephen Pritchard December 23, 2021 15:28 UTC
Update time: December 23, 2021 15:43 UTC
Researchers have discovered that attackers can use the connection between wireless chips to steal data or credentials
According to security researchers, vulnerabilities in the wireless chip design could allow malicious hackers to steal data and passwords from the device.
According to the organization, from the Secure Mobile Network Group of the Technical University of Darmstadt (Germany) and the CNIT (Italy) of the University of Brescia, attackers can take advantage of “wireless coexistence” or shared component capabilities on millions of mobile devices.
Wireless devices typically use radio components, combo chips, or system-on-chip (SoC) designs with shared resources. These SoCs are responsible for multiple radio interfaces, including Bluetooth, WiFi, LTE (4G) and 5G.
However, as the researchers pointed out, these interfaces often share components, such as memory, and resources including antennas and wireless spectrum. Designers use wireless coexistence to achieve resource sharing and maximize network performance. In doing so, they create security holes that are difficult or impossible to patch.
The researchers warned: “Although SoCs are continuously optimized for energy efficiency, high throughput, and low-latency communications, their security is not always a priority.”
Aerial use
In the test, the researchers built a mobile test device at a price of less than $100, and used the Bluetooth connection to obtain the network password and manipulate the traffic on the WiFi chip in an air attack. They point out that coexistence attacks enable a new type of horizontal privilege escalation across chip boundaries.
Researchers are able to develop proof-of-concept on shared resources of technologies from Silicon Labs, Broadcomm, and Cypress. The team found 9 CVEs, and they disclosed this information to chip companies, Bluetooth SIG and related manufacturers that use coexistence interfaces.
Learn about the latest mobile security news and analysis
An attacker can “upgrade the privilege horizontally from one wireless chip or core to another”. Serial coexistence protocols may leak information between wireless chips, leaking data packet types and activities. They found that malicious hackers can obtain key press time from Bluetooth devices to “infer the password and the length of the password.”
More detailed information about the research can be found in the researcher titled “Attacks on wireless coexistence: use cross-technology performance characteristics to enhance inter-chip permissions‘(PDF).
Researchers devised an attack against devices with multiple radio frequencies [radio frequency] interface
Mitigation impossible?
Potential attacks are both concealed and difficult to repair. Researchers warn that attacks that move laterally between components may be invisible to the operating system and therefore bypass its protective measures.
Hardware manufacturers should be able to reduce risk by redesigning chip architecture and patching firmware. But not all systems can be patched, and old devices may no longer get updates from the manufacturer.
At the same time, it is recommended that device users take measures, such as deleting unused Bluetooth pairings and using 4G instead of WiFi in public places.
“This triggered a whole new type of attack against devices with multiple RF [radio frequency] Interface,” British Security Researcher Andrew Tierney Tell Drink it every day“The most interesting aspect is their concealment, which completely bypasses the protection of operating system settings.”
But he added that because these technologies are “very complex,” they are most likely to be used by nation states.
You might also like The bug bounty platform handles thousands of Log4j vulnerability reports
