A new study has revealed that hackers can steal passwords and manipulate web traffic on Wi-Fi chips by targeting the Bluetooth connection standard of mobile devices.
Smartphones, tablets, and other modern mobile devices today contain various radio connectivity technologies such as Bluetooth, Wi-Fi and LTE, and so on, each with its own set of features. separate dedicated security.
However, these technologies often share many of the same resources such as a device’s antenna or the radio frequency spectrum.
|Billions of Wi-Fi and Bluetooth devices are at risk of global attack|
According to a new report from the technology consulting website Bleeping Computer, researchers from the Darmstadt University of Technology (Germany) have discovered that hackers can use shared resources such as: antenna and radio frequency spectrum as a bridge to launch attacks on the chip system in the device.
Architectural and protocol flaws
To exploit these vulnerabilities, researchers first need to execute code execution on a Bluetooth or Wi-Fi chip. Once this is done, they can execute attacks on other devices’ chips using shared memory resources.
In total, the researchers found nine different security vulnerabilities, and while some can be fixed with a firmware update, others can only be fixed with a hardware modification. new, which leaves billions of existing devices at risk of potential attacks.
During the test, the researchers looked at chips from Broadcom, Silicon Labs, and Cypress, which are currently found in billions of devices. After they reported the vulnerabilities to these chip vendors, some released security updates to address them. However, some are unresolved because they affect products that are no longer supported such as the Nexus 5 and iPhone 6 phones.
To avoid falling victim to any attack that exploits these security holes, users should remove unnecessary Bluetooth device pairings, remove unused Wi-Fi networks from device settings. and use mobile data instead of public Wi-Fi.
The researchers said they will continue to monitor these vulnerabilities as device manufacturers begin to roll out new firmware updates, but they also believe that there are some vulnerabilities that could be never patched.
Phan Van Hoa(according to Techradar)
US warns hundreds of millions of devices at risk from newly disclosed vulnerability
On December 13, a senior US cybersecurity official warned that hundreds of millions of devices around the world may have been affected by a newly disclosed software vulnerability.