The vulnerabilities were discovered by Denis Selianin, a researcher at security firm Embedi, and are located in the firmware of the Marvell Avastar Wi-Fi system-on-a-chip (SoC). This firmware is loaded by the driver installed in the operating system’s kernel and is used to initialize the chip’s functionality during boot.

The Marvell Avastar Wi-Fi chips are used in Valve Steam Link, a now-discontinued streaming device, but also in the PlayStation 4, some Microsoft Surface tablets and laptops, Samsung Chromebooks and other devices.

Selianin performed his research on the Valve Steam Link hardware, because it was running Linux and did not have DRM protection, which made it easier to reverse-engineer. He found that the Avastar firmware was based on ThreadX, a proprietary real-time operating system (RTOS) with more than 6 billion deployments worldwide, so it might be possible for the flaws to affect other chips.

First, Selianin identified two methods of exploiting block pool overflows in ThreadX, one that’s generic and could apply to all ThreadX deployments if they have such a vulnerability and one that’s specific to Marvell’s implementation. He found four memory corruption bugs, but one was very easy to exploit.

“One of the discovered vulnerabilities was a special case of ThreadX block pool overflow,” the researcher said in a blog post. “This vulnerability can be triggered without user interaction during the scanning for available networks. This procedure is launched every 5 minutes regardless of a device being connected to some Wi-Fi network or not. That’s why this bug is so cool and provides an opportunity to exploit devices literally with zero-click interaction at any state of wireless connection (even when a device isn’t connected to any network).”

This is a very powerful attack since, unlike other exploits, it doesn’t require pairing the device with an evil Wi-Fi network. The exploitation happens during the Wi-Fi scanning done automatically by devices in the background and only requires placing a specifically crafted access point in its range. Doing this in a crowded area with a lot of wireless networks and targets, such as an airport, can result in a lot of victims.

“Marvell is not aware of any real world exploitation of this vulnerability outside of a controlled environment,” Marvell said in a statement sent via email. “Marvell deployed a fix to address this issue which we have made available in our standard driver and firmware. We have communicated to our direct customers to update to Marvell’s latest firmware and driver to get the most recent security enhancements, including support for WPA3.”

This is not the first vulnerability found in Wi-Fi firmware. Researchers from Google’s Project Zero team found similarly dangerous flaws two years ago in the firmware of Broadcom Wi-Fi chips used in mobile devices. Wi-Fi is also not the only wireless protocol that allows over-the-air no-interaction attacks. In 2017, researchers found critical vulnerabilities in the Bluetooth implementations of major operating systems that could be exploited to take over systems. Wi-Fi firmware is usually made up of low-level proprietary code, so it hasn’t been scrutinized for flaws by the hacker community as thoroughly as operating systems or popular software applications have.