Wireless Coexistence - For 'Inter-Chip Privilege Escalation,' New Attack Approach Exploits Bluetooth And Wi-Fi


According to security specialists, flaws in wireless chip designs might allow malicious hackers to steal data and passwords from devices. Attackers might exploit “wireless coexistence,” or shared component characteristics, on millions of mobile devices, according to researchers from the Technical University of Darmstadt’s Secure Mobile Networking Group (Germany) and the University of Brescia’s CNIT (Italy).

Radio components with shared resources, combination chips, and System on a Chip (SoC) architectures are often used in wireless devices. These SoCs control multiple radio interfaces, such as Bluetooth, Wi-Fi, LTE (4G), and 5G.

According to the researchers, these interfaces generally share components such as memory, and resources such as antennas and the wireless spectrum. Designers use wireless coexistence to facilitate resource sharing and improve network performance, but these shared resources cause security problems that are difficult, if not impossible, to fix.

While SoCs are continually tuned for energy efficiency, fast throughput, and low latency communication, the researchers caution that security hasn’t always been a top priority.

In experiments, researchers created a mobile test rig for about $100 and used a Bluetooth connection to extract network passwords and alter traffic on a Wi-Fi chip in an over-the-air attack. They claim that coexistence attacks allow for a new sort of lateral privilege escalation across chip boundaries.

The researchers constructed a proof-of-concept using Silicon Labs, Broadcom, and Cypress technology to exploit shared resources. They discovered nine CVEs and informed chipmakers, the Bluetooth SIG, and other coexistence interface manufacturers.

Attackers can elevate privileges from one wireless chip or core to another. In addition, serial coexistence methods can leak data across wireless chips, revealing packet types and activities. The researchers discovered that malicious hackers might obtain keypress timings from a Bluetooth device to deduce passwords and password lengths. This research paper has further information on the study.

About the author

CIM Team
