InfoSec News & Investigations

New Spectra Attack that breaks the division between Wi-Fi and Bluetooth to be released at Black Hat Security Conference

The developers call it “Spectra.” This assault neutralizes “combo chips,” specific chips that handle various kinds of radio wave-based remote correspondences, for example, Wi-Fi, Bluetooth, LTE, and others. The attack system is set to release in August at the Black Hat Security Conference in a virtual session. The full academic paper with all details will also be published in August. The researchers teased a few details about the attack in an upcoming Black Hat talk, “Spectra, a new vulnerability class, relies on the fact that transmissions happen in the same spectrum, and wireless chips need to arbitrate the channel access.”

The Spectra assault exploits the coexistence mechanism that chipset merchants incorporate within their devices. Combo chips utilize these systems to switch between wireless technologies at a quick pace. Specialists state that while this coexistence mechanism speeds execution, they likewise give a chance to attackers for side-channel assaults. Jiska Classen from Darmstadt Technical University and Francesco Gringoli researcher from the University of Brescia state that they are the first to explore such possibility of using the coexistence mechanism of Combo chips to break the barrier between Wireless.

“We specifically analyze Broadcom and Cypress combo chips, which are in hundreds of millions of devices, such as all iPhones, MacBooks, and the Samsung Galaxy S series,” the two academics say. “We exploit coexistence in Broadcom and Cypress chips and break the separation between Wi-Fi and Bluetooth, which operate on separate ARM cores.” Results change. However, the research group says that specific situations are possible after a Spectra assault. “In general, denial-of-service on spectrum access is possible.

The associated packet meta-information allows information disclosure, such as extracting Bluetooth keyboard press timings within the Wi-Fi D11 core,” Gringoli and Classen said. “Moreover, we identify a shared RAM region, which allows code execution via Bluetooth in Wi-Fi. It makes Bluetooth remote code execution attacks equivalent to Wi-Fi remote code execution, thus, tremendously increasing the attack surface.” Though the research used Broadcom and Cypress chips for Spectra attacks, the researchers Gringoli and Classen are sure that this attack will work on other chips.

Original Source