While the tech giants were busy managing vulnerabilities in Bluetooth and WiFi chips, researchers have found another serious issue. Reportedly, they have discovered a Spectra attack that blurs the separation between WiFi and Bluetooth by targeting wireless chips.
Spectra Attack Targeting Wireless Chips
Researchers have found a new type of side-channel attack targeting wireless chips dubbed ‘Spectra attack’. This attack specifically targets the separation between Bluetooth, WiFi, and other wireless communication.
Briefly, the attack targets a vulnerability in combo chips – the wireless chips that support multiple wireless technologies. These chips work on a coexistence mechanism to support all the different technologies to work simultaneously on the wireless spectrum without collision. And that is what Spectra attack targets. According to the researchers,
Spectra, a new vulnerability class, relies on the fact that transmissions happen in the same spectrum and wireless chips need to arbitrate the channel access. While coexistence should only increase performance, it also poses a powerful side channel.
In their study, the researchers could break the WiFi and Bluetooth separation on the tested chips. In turn, this allowed them to conduct attacks in a way that exploiting the vulnerabilities in one of these could also compromise the other. Hence, this phenomenon expands the attack surface.
For instance, as they explained, a DoS attack on the spectrum can further lead to information disclosure.
The associated packet meta information allows information disclosure, such as extracting Bluetooth keyboard press timings within the Wi-Fi D11 core.
Likewise, they also detected a shared RAM region that allowed code execution in WiFi via Bluetooth. Also, code execution within WiFi firmware somehow affected the Android and iOS kernel.
Vulnerable Chips Present In Millions Of Devices, All iPhones
The researchers tested Broadcom and Cypress chips in their study. These chips are frequently used in tons of popular devices including MacBooks, iPhones, and Samsung Galaxy S series.
Yet, they fear that similar vulnerabilities might also exist in other combo chips too. Hence, Spectra attack has made vulnerable the hundreds of millions of devices used globally.
The researchers are going to reveal the details of their findings in the upcoming virtual Black Hat USA 2020. At the same time, they will also publish a detailed white paper about their study.
Let us know your thoughts in the comments.
