A number of popular games consoles, smartphones, laptops and IoT devices contain a Wi-Fi chip with a serious security vulnerability, researches have claimed.
A weakness found in ThreadX, which is a real-time operating system used as firmware in the Wi-Fi chips of a huge range of devices, could be easily exploited, according to Denis Selianin of Embedi, in new research published on Monday.
The Marvell Avastar 88W8897 chipset is featured in devices like the Xbox One, PS4, Samsung Chromebooks, Galaxy J1 phones, Microsoft Surface laptops and Valve SteamLink cast phones.
In an interview with ZDNet, Selianin explained how easily the ThreadX firmware vulnerability could be exploited by bad actors.
Related: PS5 latest
He said: “I’ve managed to identify ~4 total memory corruption issues in some parts of the firmware. One of the discovered vulnerabilities was a special case of ThreadX block pool overflow. This vulnerability can be triggered without user interaction during the scanning for available networks.”
Because the firmware is designed to search for Wi-Fi networks every five minutes, Selianin explained that all an attacker would need to do is send malformed Wi-Fi packets to a device rocking the chipset and then launch malicious code to commandeer the hardware.
He added the exploit even worked when devices weren’t even connected to a Wi-Fi network. He said: “That’s why this bug is so cool and provides an opportunity to exploit devices literally with zero-click interaction at any state of wireless connection (even when a device isn’t connected to any network).”
The researcher said there were two ways of exploiting this vulnerability, with one specific to the Marvell chipset, which was chosen for the study because of the sheer number of devices that rely upon it for Wi-Fi connectivity. The second could work on any of the 6.2 billion devices on earth running the ThreadX-based firmware.
The researcher breaks it down in the video below:
How many devices do you own that could be vulnerable to this security flaw? Let us know @TrustedReviews on Twitter.
Editorial independence
Editorial independence means being able to give an unbiased verdict about a product or company, with the avoidance of conflicts of interest. To ensure this is possible, every member of the editorial staff follows a clear code of conduct.
Professional conduct
We also expect our journalists to follow clear ethical standards in their work. Our staff members must strive for honesty and accuracy in everything they do. We follow the IPSO Editors’ code of practice to underpin these standards.
Editorial independence
Editorial independence means being able to give an unbiased verdict about a product or company, with the avoidance of conflicts of interest. To ensure this is possible, every member of the editorial staff follows a clear code of conduct.
Professional conduct
We also expect our journalists to follow clear ethical standards in their work. Our staff members must strive for honesty and accuracy in everything they do. We follow the IPSO Editors’ code of practice to underpin these standards.
