Flaw In Popular WiFi Chipset May Allow Attacker To Take Over Your Device
By: Jim Stickley and Tina Davis
January 24, 2019
Computer-related vulnerabilities are exploited all the time. Sometimes (many times) hackers get to them first and take advantage of users who are none the wiser about these issues. Other times, there is the great news that a security researcher found a vulnerability in a widely used product and reported it to the developer for a fix. Recently, this was precisely what happened with a popular WiFi chipset that is found in many devices such as laptops, gaming consoles, and various Internet of Things (IoT) products, both in your home and at the office.
The issue centers on ThreadX, which is used in the firmware for billions of products. The researcher from Embedi described how a bad actor could execute malicious code without any action from the user at all. He also identified approximately four memory corruption issues within the firmware. It isn’t hard to find this opening either. All an attacker has to do is send malformed WiFi packets to a device that contains the Marvell Avastar WiFi chipset and wait. And they don’t need your WiFi name or password either. These devices could be Chromebooks, Samsung Galaxy J1 smartphones, PlayStation 4, Xbox One, Microsoft Surface laptops, and many others. If the attacker successfully identifies a device, he or she can execute malicious code and take over the device.
Fortunately, there is a fix in the works. However, no estimated release date has been announced yet. Until then, turn off your devices when not in use. This issue can be exploited simply because the device is powered on or has been left on, so there is no need to increase your risk by leaving it on when it is not being used.
To be clear, no one knows yet whether hackers have exploited this. However, now that the news is out, the likelihood increases.
When the patches are released, don’t delay in applying them when you see that little “update” indicator on the device. It only takes a minute or two, and it’s well worth it to repair a big hole like this one.