WiFi Chipset Firmware Flaw Can Lead To Pwnage In A Whole Lot Of Devices
A report from a security researcher is claiming that a vulnerability affecting the firmware of a popular WiFi chipset deployed in a wide range of devices, such as laptops, smartphones, gaming rigs, routers, and Internet of Things (IoT) devices.
Denis Selianin says that vulnerability impacts the firmware of Marvell Avastar 88W8897, one of the most popular WiFi chipsets on the market. You can find it in devices like the Sony PlayStation 4, Xbox One, Microsoft Surface laptops, Samsung Chromebooks, Samsung Galaxy J1 smartphones, and Valve SteamLink cast devices, just to name a few.
Selianin described how someone could exploit the Avastar firmware (based on a custom implementation of the ThreadX real-time operating system) to execute malicious code without any user interaction. The report contains the technical details on exploiting the vulnerability and a demo video which is below.
Proof-of-concept code has not been released at this time. But patches are in the works. Check for updates shortly on your device.
This entry was posted on January 24, 2019 at 5:15 pm and is filed under Commentary with tags Security. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
WiFi Chipset Firmware Flaw Can Lead To Pwnage In A Whole Lot Of Devices
A report from a security researcher is claiming that a vulnerability affecting the firmware of a popular WiFi chipset deployed in a wide range of devices, such as laptops, smartphones, gaming rigs, routers, and Internet of Things (IoT) devices.
Denis Selianin says that vulnerability impacts the firmware of Marvell Avastar 88W8897, one of the most popular WiFi chipsets on the market. You can find it in devices like the Sony PlayStation 4, Xbox One, Microsoft Surface laptops, Samsung Chromebooks, Samsung Galaxy J1 smartphones, and Valve SteamLink cast devices, just to name a few.
Selianin described how someone could exploit the Avastar firmware (based on a custom implementation of the ThreadX real-time operating system) to execute malicious code without any user interaction. The report contains the technical details on exploiting the vulnerability and a demo video which is below.
Proof-of-concept code has not been released at this time. But patches are in the works. Check for updates shortly on your device.
Share this:
Like this:
Related
This entry was posted on January 24, 2019 at 5:15 pm and is filed under Commentary with tags Security. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.