Researchers from the Technical University of Darmstadt in Germany (Secure Mobile Networking Lab) and the University of Brèche (Italy), detail a new critical security flaw that lies in the chips that combine WiFi connectivity and Bluetooth. These chips are frequently found in mobile devices, especially smartphones. According to the researchers, hackers can thus extract passwords and manipulate the traffic entering and leaving these chips, which can lead to elevations of privilege or even the execution of arbitrary code remotely.
Chips which combine several network connectivity such as WiFi and Bluetooth do indeed share many components. And the separation between the two technologies is based on the distinction between the frequency ranges, transmitted and received through the same components. Thus with these chips, the WiFi and Bluetooth networks are de facto two virtual networks of the same set. This approach increases the performance of wireless connectivity tenfold, while speeding up the switch from one type of connectivity to another.
You can hack a smartphone via its WiFi + connectivity Bluetooth
However, because the two networks share the same components, it becomes possible to “talk” to parts of the chip that an attacker would not normally have access to. The researchers explain: “Instead of seeking escalation of privileges directly in the mobile operating system, wireless network chips can gain higher privileges in other chips by exploiting the same mechanisms that normally allow their access to shared resources such as the transmission antenna and the wireless frequency range to be displayed. ”
“The WiFi chip encrypts network traffic and retains current WiFi credentials, giving the attacker even more information. In addition, an attacker can execute code on a WiFi chip even when the latter is not connected to a wireless network ”, explain the researchers. To make matters worse, the team also discovered that it is possible to spy on keystrokes on wireless bluetooth keyboards, hacking the same chip even when the attacker is only connected to WiFi.
It is indeed possible even from this virtual network to observe the Bluetooth packets which allows to deduce the binary code of each character. What is striking is that these loopholes are not entirely new. Some of these attacks had been described as early as August 2019, which did not prevent Broadcom from continuing to produce chips impacted after this date.
Read also – The new BLESA Bluetooth flaw makes billion vulnerable devices
The researchers named this new class of “Spectra” attacks. It is likely that this series of vulnerabilities are impossible to patch and require design changes in the chips that combine WiFi and Bluetooth connectivity. There are, however, ways to reduce the risk on today’s devices. Indeed, in 2020, it is common to have a comfortable data plan. From then on, WiFi connectivity has little interest in day-to-day smartphones. Disabling WiFi and Bluetooth networks when you are not using them prevents hackers from taking advantage of this technique.
2021 Bitdefender Antivirus Plus