Иллюстрация Жиски Классен (Jiska Classen), одной из исследовательей новой уязвимости

Wi-Fi and Bluetooth combo chips loophole for Spectra’s new attack


The integration of wireless technologies in one combined solution makes devices cheaper, but opens the way to new types of attacks through side channels. This conclusion was reached by researchers from Germany and Italy. Security experts have discovered that an attack on combined chips for wireless allows you to quietly penetrate the adjacent “spectrum”, extracting data and causing a denial of service.

Illustration of Jiska Classen, one of the researchers of the new vulnerability

Illustration of Jiska Classen, one of the researchers of the new vulnerability

“Spectra, a new class of vulnerability, is based on the fact that transmissions occur in the same spectrum [частотном диапазоне], and wireless chips [каждого из стандартов] must allow access to [общему] channel “– said the research team in a brief summary, preceding a detailed report at the Black Hat conference, which will be held in August this year.

According to the researchers, they developed a new hands-on attack that breaks down the barriers between Wi-Fi and Bluetooth technologies running on the same device, such as laptops, smartphones, and tablets. Although the data (packets) are finally processed on different ARM cores, the Spectra attack allows an attack on the Wi-Fi packet metadata through an attack on the Bluetooth part of the combined chip and, on the contrary, an attack on the Wi-Fi part of the chip allows an attack on a broadband channel Bluetooth For example, researchers have shown that they can intercept the timings of the Bluetooth keyboard through an attack on Wi-Fi.

A simpler task that Spectra can handle is denial of service. Also, a new type of attack makes it possible to increase the area of ​​destruction of the attacked device with one blow, covering both technologies at a time.

Researchers examined Spectra’s vulnerability using Broadcom and Cypress combined RF chips. However, they are aware that in the world there are much more such combined solutions and it is impossible to verify all of them, which gives attackers a certain advantage. As for the technical details of Spectra, then, we repeat, they will appear only in August. We hope that by this time manufacturers will find an opportunity to neutralize or mitigate this vulnerability.

If you notice an error, select it with the mouse and press CTRL + ENTER.

Leave a Comment