TECH

Billions of Wi-Fi and Bluetooth modules can steal your passwords and data

Researchers at Darmstadt University of Technology, along with colleagues from the Secure Mobile Networking Lab. and several other European organizations have published an article that proves the ability to extract passwords and manipulate traffic by exploiting vulnerabilities in Wi-Fi and Bluetooth chips.

Modern consumer devices such as smartphones or tablets are equipped with single-chip systems (SoCs) with separate Bluetooth, Wi-Fi and LTE modules, each with its own security implementation. Most of the time, however, these components share the same resources as the antenna or the frequency spectrum. With this, developers are able to make the SoC more efficient in terms of energy. Furthermore, throughput is increased and data transmission delays are reduced.

According to the researchers, the shared resources of wireless modules can be used by attackers as bridges to launch privilege escalation attacks. After carrying out such an attack, an attacker could remotely execute code on the target device as well as read data from memory and affect its performance.

As part of this attack, attackers will need to perform remote code execution on a Bluetooth or Wi-Fi module. Vulnerabilities that allow you to do this have been discovered by researchers in the past. As soon as it is possible to carry out code execution in a module, it immediately opens up the possibility of attacking other components through the device's shared resources. As part of the work carried out, the researchers managed to cause denial of service, remote code execution, extract network passwords and transmitted data.

Wireless vulnerabilities such as CVE-2020-10368 (data leakage via Wi-Fi), CVE-2020-10367 (Remote code execution via Wi-Fi module), CVE-2019-15063 (Service failure via Wi-Fi module Fi), CVE-2020-10370 (denial of service via Bluetooth module), CVE-2020-10369 (data leakage via Bluetooth), etc. It is noted that some of the vulnerabilities cannot be fixed by releasing software patches. For example, physical memory sharing vulnerabilities cannot be fixed by any security updates. In some other cases, applying software fixes can lead to performance degradation.

The researchers worked with a variety of wireless adapters from Broadcom, Cypress and Silicon Labs that are used in billions of electronic devices around the world. Any vulnerabilities found are reported to the manufacturers and some of them release appropriate security fixes whenever possible. However, not everyone does this because in some cases the device support period has expired, or it is simply impossible to resolve the issue with the help of software patches. 

Material source: Darmstadt University of Technology/Secure Mobile Networking Lab.