Researchers have identified a flaw in the SoC ThreadX OS that allows an attacker to send malicious code into WiFi controllers. Express Logic's operating system is embedded in nearly 6.2 billion computers, routers, smartphones and game consoles.
The Threadx-compatible SoCs, including the Marvell Avastar 88W8897, are integrated in a multitude of consumer terminals like PCs and smartphones, but also PS4 and Xbox One. (Credit: Marvell)
Embedi researchers have detected a flaw in Express Logic's ThreadX operating system. Avastar 88W8897 SoCs and all ThreadX-compatible SoCs are affected. In short, nearly 6.2 billion devices (computers, smartphones, routers, PlayStation 4 and Xbox One) equipped with these SoC are exposed.
One of the vulnerabilities discovered was a special case of ThreadX block pool overflow. This vulnerability can be triggered without user interaction during the analysis of available networks, reads the blog post of the researcher Embedi. The latter has found several ways to execute malicious code. The most worrying is the ability to broadcast corrupted WiFi packets that will load into the SoC memory of the WiFi module. They will run at the time of updating the list of available networks on the machine, every five minutes on FNU / Linux according to the researchers. Worse, it is not necessary to know the WiFi key network to attack. Express Logic has stated that patches are being developed.
No comments:
Post a Comment