Vulnerability in firmware for Wi-Fi chips affects millions of devices

A group of security researchers has discovered a vulnerability that affects ThreadX, the real-time operating system used as firmware on millions of devices around the world, which is why the flaw is of great importance. The researchers explained that an attacker could exploit the vulnerability in the ThreadX firmware. They ran their test against a Marvell Avastar 88W8897 Wi-Fi chip and managed to execute malicious code without user interaction. The chip is present in video game platforms such as the Sony PlayStation 4 and Xbox One.





The security flaws were discovered in the Marvell Avastar 88W8897 SoC (Wi-Fi + Bluetooth + NFC), present in Sony PlayStation 4 (and its Pro variant), Microsoft Surface (+ Pro) tablet and laptop, Xbox One, Samsung Chromebook and smartphones (Galaxy J1), and Valve SteamLink.






According to one of the security researchers, they identified 4 memory corruption problems in some parts of the firmware. One of these vulnerabilities can be triggered without user interaction while the device performs a network search.

On the Marvell System-on-Chip (SoC), certain drivers work with the Linux kernel: "mwifiex" (source available in the official Linux repository), and "mlan" and "mlinux", whose sources are available in the steamlink-sdk repo.
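To find Linux hosts that carry the chip and the mwifiex driver named above, collected `lspci -n` and `/proc/modules` output can be triaged as follows. This is an added example, not code from the researchers or from Marvell; the PCI IDs are an assumption taken from the Linux mwifiex driver source rather than from this article, and the sample inventory data is constructed.

```python
import re

# Assumption, not stated in the article: PCI IDs as defined in the Linux
# mwifiex driver (Marvell vendor 0x11ab, 88W8897 device 0x2b38).
MARVELL_VENDOR, DEV_88W8897 = "11ab", "2b38"
MWIFIEX_MODULES = {"mwifiex", "mwifiex_pcie", "mwifiex_sdio", "mwifiex_usb"}

# `lspci -n` line: "<slot> <class>: <vendor>:<device> [(rev xx)]"
PCI_LINE = re.compile(r"^(\S+)\s+[0-9a-f]{4}:\s+([0-9a-f]{4}):([0-9a-f]{4})\b", re.I)


def pci_88w8897_slots(lspci_n):
    """Return PCI slots whose vendor:device pair is the 88W8897."""
    slots = []
    for line in lspci_n.splitlines():
        m = PCI_LINE.match(line.strip())
        if m and (m.group(2).lower(), m.group(3).lower()) == (MARVELL_VENDOR, DEV_88W8897):
            slots.append(m.group(1))
    return slots


def loaded_mwifiex(proc_modules):
    """Return mwifiex-family module names found in /proc/modules text."""
    names = {ln.split()[0] for ln in proc_modules.splitlines() if ln.strip()}
    return sorted(names & MWIFIEX_MODULES)


def classify_host(lspci_n, proc_modules):
    """Triage one host: chip seen on PCIe, driver only, or nothing found."""
    slots, mods = pci_88w8897_slots(lspci_n), loaded_mwifiex(proc_modules)
    if slots:
        verdict = "88W8897 on PCIe"
    elif mods:
        # SDIO/USB-attached chips never appear in lspci; needs a manual check.
        verdict = "mwifiex loaded, chip model unconfirmed"
    else:
        verdict = "not detected"
    return {"verdict": verdict, "slots": slots, "modules": mods}


# Constructed sample inventory data (not captured from real hosts).
LAPTOP_LSPCI = "00:1f.3 0403: 8086:9d70 (rev 21)\n02:00.0 0200: 11ab:2b38\n"
LAPTOP_MODS = "mwifiex_pcie 36864 0 - Live 0x0\nmwifiex 315392 1 mwifiex_pcie, Live 0x0\n"
SDIO_BOX_LSPCI = ""
SDIO_BOX_MODS = "mwifiex_sdio 40960 0 - Live 0x0\nmwifiex 315392 1 mwifiex_sdio, Live 0x0\n"

if __name__ == "__main__":
    print(classify_host(LAPTOP_LSPCI, LAPTOP_MODS))
    print(classify_host(SDIO_BOX_LSPCI, SDIO_BOX_MODS))
```

A match only means the hardware or driver is present; whether the Wi-Fi firmware on that host has been updated has to be checked separately with the device vendor.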




Sending malformed Wi-Fi packets

The firmware function that searches for new Wi-Fi networks starts automatically every five minutes. The attacker sends malformed Wi-Fi packets to any device that has one of these vulnerable chips. After that, they only have to wait until the function starts and then deploy malicious code to control the device.
The researchers report that this vulnerability affecting ThreadX could be present in more than 6,000 million devices.

Hackerbrother