Add Spectra To Your List Of Worries, Using Bluetooth To Manipulate WiFi Traffic
Coexistence Attacks On Wi-Fi, Cellular And Bluetooth Chips
If you were wondering what was going to hit the fan next, it is actually a vulnerability combined communications chips which was first reported to vendors in August 2019, yet remain unpatched to this day on current generation Broadcom SoCs. The vulnerability takes advantage of combo chips which provide Wi-Fi, Bluetooth, and LTE/5G connectivity.
The attack ignores your devices operating system altogether, instead it leverages the on chip communication between the various radio devices. In order for Bluetooth and WiFi to coexist peacefully on the same device they need to be able to coordinate spectrum access to ensure there are no collisions when they are both using same frequency and that communication can be used for nefarious purposes as well.
If an attacker can get access to your devices Bluetooth or Wifi, they can then use it to sniff out the other’s communications, execute code, capture keystrokes from Bluetooth keyboards and capture passwords during handshakes with saved networks. There doesn’t seem to be widespread use of any Spectra type attacks, but for now it is strongly suggested you delete your Bluetooth pairings when not in use, delete unused Wi-Fi networks, and use cellular instead of Wi-Fi when out in public.
Such is life in 2021.
"We provide empirical evidence that coexistence, i.e., the coordination of cross-technology wireless transmissions, is an unexplored attack surface," a group of researchers from the Technical University of Darmstadt's Secure Mobile Networking Lab and the University of Brescia said in a new paper.
More Tech News From Around The Web
- Steve Ballmer’s “parting gift” as Microsoft CEO: Trying to name Cortana “Bingo” @ Ars Technica
- Online retailers delaying sales of Raspberry Pi 4 model until 2023, thanks to a few good chips getting scarce @ The Register
- Boeing, Airbus Executives Urge Delay in US 5G Wireless Deployment @ Ars Technica
- Security Flaws Found in a Popular Guest Wi-Fi System Used in Hundreds of Hotels @ Slashdot
- Bad things come in threes: Apache reveals another Log4J bug @ The Register
- AverMedia DualCam PW313D – 2-in-1 Webcam @ Kitguru
- Win a Cooler Master 3-Pack @ Guru of 3D
- Win a DeepCool 4-Pack @ Guru of 3D