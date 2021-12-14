This security flaw puts billions of electronic devices on alert around the world, and many you already have at home.

In the current technological ecosystem where all our devices take advantage of Wi-Fi or Bluetooth to function, any security breach in this regard can endanger billions of electronic devices worldwide, and it has already happened.

And it is that now researchers from the University of Darmstadt, Brescia, CNIT and the Laboratory of secure mobile networks have published an article, collected by bleepingcomputer, where they demonstrate that can extract passwords and even manipulate traffic on a Wi-Fi chip that is pointing to a device’s Bluetooth component.

And it is that today’s electronic devices, such as our mobile phones, have a chip with separate components for Bluetooth, Wi-Fi and LTE, each with its own dedicated security implementation. These components usually share the same resources such as the antenna or the wireless spectrum.

And it is precisely this exchange of resources, which aims to make the chips more efficient, they can end up being used as bridges to launch privilege escalation attacks sides across the limits of wireless chips.

It is especially important, because the implications of these attacks include everything from code execution, memory reading, and denial of service.

To test the flaw, the researchers first ran code on the Bluetooth or Wi-Fi chip. Once they managed to execute remote code on one chip, they were able to side-attack another chip in the device using shared memory resources.

All these vulnerabilities have been assigned the following names:

CVE-2020-10368: WiFi unencrypted data leak (architecture) CVE-2020-10367: Wi-Fi code execution (architecture) CVE- 2019-15063: Wi-Fi denial of service (protocol) CVE-2020 -10370: Bluetooth denial of service (protocol) CVE-2020-10369: Bluetooth data leak (protocol) CVE-2020-29531: WiFi denial of service (protocol) CVE-2020-29533: WiFi data leak (protocol) ) CVE-2020-29532: Bluetooth denial of service (protocol) CVE-2020-29530: Bluetooth data leak (protocol)

The most worrying thing about the matter is that many of these failures can only be corrected by hardware revision, so many devices are going to be left with this security hole until they are withdrawn from the market or the user changes to another more advanced device.

For example, bugs that depend on physical memory sharing cannot be fixed with security updates of any kind.

Researchers have examined processors made by Broadcom, Silicon Labs and Cypress found inside billions of electronic devices. All these bugs have already been reported to the chip vendors and some have already been releasing security updates as of late.

However, many have not addressed these security issues either because they are no longer compatible with the affected products or because a firmware is unworkable.

As you can see from said table, there are a large number of electronic devices such as mobile phones and even MacBooks affected.

To avoid any type of problem you should follow some simple tips:

Delete the pairings of Bluetooth devices that we no longer use The same with the Wi-Fi networks that we no longer use, delete them and forget them from your device Never connect to public Wi-Fi networks, use your rate data

Although these are simple tips, sometimes due to ignorance or because we forget, we end up having a series of connections in our electronic devices that we should not have and that can be the gateway to certain attacks.