Spectra exploit attacks WiFi and Bluetooth combo chips

Researchers have found a way to attack WiFi and Bluetooth wireless combo chips with an exploit called Spectra. These combo chips are commonly used in every computer and in multiple wireless devices. The research also indicates that this affects cellular networks as well.

The researcher behind the finding said:

“We exploit coexistence in Broadcom and Cypress chips and break the separation between Wi-Fi and Bluetooth, which operate on separate ARM cores. In general, denial-of-service on spectrum access is possible. The associated packet meta-information allows information disclosure, such as extracting Bluetooth keyboard press timings within the Wi-Fi D11 core. Moreover, we identify a shared RAM region, which allows code execution via Bluetooth in Wi-Fi. This makes Bluetooth remote code execution attacks equivalent to Wi-Fi remote code execution, thus, tremendously increasing the attack surface. During code execution within the Wi-Fi firmware, we even experience kernel panics on Android and iOS.”

The Spectra exploit attacks this common bandwidth. It can be used to launch DoS (Denial of Service) attacks against people’s PCs and other devices, including wireless routers. There is also a possibility that data can be extracted via packet information.

The researcher continued, “We are the first to explore side-channel attacks on wireless coexistence. We specifically analyze Broadcom and Cypress combo chips, which are in hundreds of millions of devices, such as all iPhones, MacBooks, and the Samsung Galaxy S series. Note that other manufacturers also rely on coexistence and similar attacks might apply.”

There is no mention of this affecting Intel wireless chips, which are typically provided with most motherboards or sold separately. The researchers have promised to provide all the details on Spectra in an academic paper during the Black Hat security conference in August, via a virtual session.

VIA: TechPowerUP!