Alarming Wi-Fi Chipset Bug A Security Risk For Millions Of Game Consoles, Laptops, Routers And Other Devices

Most of the security vulnerabilities we write about at HotHardware fortunately won't affect the vast majority of readers. Either these exploits require user interaction to kick-start, or you have to be of particular interest as a target for someone to go through the effort of executing more complex attacks against you or your devices. But then there are those vulnerabilities that could impact any of us at any time, and worse, can be exploited with the utmost ease.

Embedi is a security firm that focuses on embedded devices and operating systems (hence the name). Through its research efforts, the company discovered some serious issues with the firmware of the widely-used ThreadX RTOS (real-time operating system). ThreadX is used on such wireless adapters as the Marvell Avastar 88W8897 Wi-Fi chip, which is employed in a wide swath of devices all over the market, in game consoles (including Xbox One and PlayStation 4), TV set top boxes, media servers, wireless routers, access points and more.


There are a few bugs that have been outed here, but the most interesting of them all is a block pool overflow that requires no interaction from the victim to exploit. This is thanks to a built-in function in ThreadX which will scan for new wireless networks every five minutes. If a network with malicious packets is picked up, then the bug gets exploited, and the attacker's code gets executed. Ultimately, this results in a compromised device, one where the attacker could gain full access.

Unfortunately, there doesn't seem to be a blanket fix for this security threat vector, but firmware can of course be updated to remedy the issue. However, it's not entirely clear how often the firmware on preexisting devices actually gets updated. While Microsoft Xbox and Sony PlayStation get regular updates, including new versions of software, do those updates also have the capabilities to flash firmware to a network device? We'd hope so, but if not, we can instead hope for a second solution that wouldn't bring about some other caveat.

This unfortunately seems like the type of bug where we'd hope for some quick answers from impacted device makers. Many of us own not just one affected device, but multiple (even some Microsoft Surface laptops are impacted). This is also the kind of widespread issue that highlights some of the risks of being so digitally connected. Many of us own this Marvell network adapter without even realizing it, and we now find out that it has some major vulnerabilities. These days, security breaches and exploits are far too commonplace. Security, intrusion detection and prevention are truly the new frontier.