Wireless Coexistence Attacks Exploit Systems on a Chip (SoCs)

Researchers have demonstrated how wireless technologies such as Bluetooth and WiFi can be turned against each other in so-called coexistence attacks. Such attacks can allow stealthy data exfiltration, traffic manipulation, and more, in real time.

Researchers Demonstrate Wireless Coexistence Attacks

A team of academic researchers has shown how wireless technologies like WiFi and Bluetooth can be made to interact maliciously.

Under normal conditions, these technologies run on SoCs (Systems on a Chip) that often share resources and operate in similar or even the same frequency spectrum. That is, these technologies ‘coexist’ without interfering with each other.

However, researchers have discovered wireless coexistence attacks, demonstrating how Bluetooth and WiFi can be made to interact in order to share (or steal) data. As stated in their paper,

We demonstrate that a Bluetooth chip can directly extract network passwords and manipulate traffic on a Wi-Fi chip. Coexistence attacks enable a novel type of lateral privilege escalation across chip boundaries.

Regarding the extent of the information an attacker can obtain through this attack, the researchers explained that it works in both directions. An attacker can escalate privileges from the Bluetooth chip to code execution on the WiFi chip even if the latter isn’t connected to a wireless network, and the targeted WiFi chip can then yield data such as WiFi credentials.

Similarly, targeting a Bluetooth chip allows sniffing Bluetooth data packets to steal data. For instance, an adversary can recover the keystrokes of a Bluetooth keyboard and reconstruct the typed text.

In their study, the boffins analyzed the Broadcom and Cypress Bluetooth↔WiFi interface found in most modern smartphones and other devices. They also tested Silicon Labs’ standardized IEEE 802.15.2 coexistence interface to demonstrate denial of service and information disclosure. In total, they found nine different vulnerabilities affecting the chips.

Technical details about the attack methodology are available in a detailed research paper.

Partial Fixes Deployed

Following this study, the researchers reported the matter to Bluetooth SIG and responsibly disclosed the bugs to chip makers, including Intel, Qualcomm, MediaTek, and others.

While the relevant vendors have released some firmware fixes, fully patching coexistence attacks isn’t possible, since doing so would require a significant hardware redesign.

Nonetheless, regular device users can prevent such attacks via three simple precautions. According to the researchers, users should:

- Delete unnecessary Bluetooth device pairings
- Remove unused Wi-Fi networks from the settings, and
- Use cellular instead of Wi-Fi in public spaces
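The first two precautions are easy to forget once a device has accumulated years of saved networks and pairings. The script below is an added example written for this article, not code from the researchers or any vendor, that audits those lists so stale entries can be reviewed and removed. It assumes a Linux host using NetworkManager (`nmcli`) and BlueZ (`bluetoothctl`); the two parsing functions work on plain text, so they can be exercised on the constructed sample output embedded in the script without either tool present. The 90-day cutoff is an arbitrary choice.

```shell
#!/bin/sh
# Audit saved Wi-Fi profiles and Bluetooth pairings (added example, not from
# the article). Assumes NetworkManager and BlueZ; only prints suggested
# removal commands, it never deletes anything by itself.

# Print Wi-Fi profile names whose last-connect timestamp is older than $2
# (epoch seconds) or that never connected (timestamp 0).
# $1 is the output of: nmcli -t -f NAME,TYPE,TIMESTAMP connection show
stale_wifi_profiles() {
    printf '%s\n' "$1" | awk -F: -v cutoff="$2" '
        $2 == "802-11-wireless" && ($3 == 0 || $3 < cutoff) { print $1 }'
}

# Print "MAC name" for each paired device.
# $1 is the output of: bluetoothctl devices Paired   (lines: "Device <MAC> <name>")
paired_bt_devices() {
    printf '%s\n' "$1" | awk '
        $1 == "Device" { mac = $2; $1 = ""; $2 = ""; sub(/^ +/, ""); print mac " " $0 }'
}

# Live audit: list stale Wi-Fi profiles (unused for 90 days) and all pairings,
# each with the command that would remove it, for the user to review.
audit_device() {
    cutoff=$(( $(date +%s) - 90 * 86400 ))
    if command -v nmcli >/dev/null 2>&1; then
        echo "# Wi-Fi profiles not used in the last 90 days:"
        stale_wifi_profiles "$(nmcli -t -f NAME,TYPE,TIMESTAMP connection show)" "$cutoff" |
            while IFS= read -r name; do
                printf '  nmcli connection delete "%s"\n' "$name"
            done
    else
        echo "nmcli not found; skipping Wi-Fi audit" >&2
    fi
    if command -v bluetoothctl >/dev/null 2>&1; then
        echo "# Paired Bluetooth devices (remove any you no longer use):"
        paired_bt_devices "$(bluetoothctl devices Paired)" |
            while read -r mac name; do
                printf '  bluetoothctl remove %s   # %s\n' "$mac" "$name"
            done
    else
        echo "bluetoothctl not found; skipping Bluetooth audit" >&2
    fi
}

# Constructed sample output, used to demonstrate the parsers offline.
SAMPLE_NMCLI='Home:802-11-wireless:1700000000
Wired:802-3-ethernet:1700000000
CafeGuest:802-11-wireless:1600000000
NeverUsed:802-11-wireless:0'
SAMPLE_BT='Device 11:22:33:44:55:66 My Keyboard
Device AA:BB:CC:DD:EE:FF Old Headset'

# Run the real audit only when invoked directly, not when sourced for testing.
if [ "${AUDIT_DEMO:-0}" = "1" ]; then
    echo "Stale Wi-Fi profiles in sample:"; stale_wifi_profiles "$SAMPLE_NMCLI" 1650000000
    echo "Paired devices in sample:"; paired_bt_devices "$SAMPLE_BT"
    audit_device
fi
```

Run it with `AUDIT_DEMO=1 sh audit.sh` to see both the sample parsing and the live audit; the printed `nmcli connection delete` and `bluetoothctl remove` lines are suggestions to paste back only after checking that the entry really is unused, which keeps the script safe to run on a daily driver. Note that in `nmcli -t` output a colon inside a profile name is escaped with a backslash, which this simple field split does not handle.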
