Collaborative research between the Secure Mobile Networking Lab and the University of Darmstadt in Germany revealed that billions of the smart gadgets we use today are exposed to various cyberattacks!
They found a way to exploit WiFi chips in networking devices through Bluetooth components and laterally spread their exploits through resource-sharing features. Unfortunately, though the vendors were informed about this, they can only patch some of the discovered vulnerabilities.
A Threat That Cannot Be Patched
Researchers at the German University of Darmstadt, in association with the Secure Mobile Networking Lab, have discovered flaws in commonly used networking technologies that now put billions of devices at risk!
Their published report shows that the discovered flaws can be exploited to leak data such as passwords and to intercept WiFi traffic in order to manipulate operations. For this, an attacker first has to exploit Bluetooth in the targeted device and then move laterally within the device to ultimately exploit other components.
All the smart gadgets we see today come with different networking technologies like WiFi, Bluetooth, LTE, etc., each with its own chip and security measures alongside the main SoC. But these chips work by sharing resources like antennae or the wireless spectrum, and this bridging is what the researchers cashed in on.
Using previously known vulnerabilities, the researchers started by hitting bugs in the Bluetooth or WiFi of a device. Once in, they would move laterally with escalated privileges across the chips that share resources. This let them reach the memory unit and leak any stored information, sometimes sensitive data like passwords.
They could also execute malicious code remotely and trigger a denial-of-service attack. The researchers also state that they successfully performed an OTA (over-the-air) attack by exploiting the flaws below in Broadcom, Cypress, and Silicon Labs chips.
- CVE-2020-10368: WiFi unencrypted data leak (architectural)
- CVE-2020-10367: Wi-Fi code execution (architectural)
- CVE-2019-15063: Wi-Fi denial of service (protocol)
- CVE-2020-10370: Bluetooth denial of service (protocol)
- CVE-2020-10369: Bluetooth data leak (protocol)
- CVE-2020-29531: WiFi denial of service (protocol)
- CVE-2020-29533: WiFi data leak (protocol)
- CVE-2020-29532: Bluetooth denial of service (protocol)
- CVE-2020-29530: Bluetooth data leak (protocol)
The researchers informed all the concerned vendors long ago, and some have responded with a few patches. But the devices are still vulnerable, because some of the security flaws are hardware-bound and cannot be patched. Thus, following basic measures like these can safeguard you from general attacks:
- Removing unused WiFi networks from the settings
- Deleting unnecessary Bluetooth device pairings
- Using cellular instead of WiFi in public spaces