We use Wi-Fi technology every day to connect our devices to the Internet. It has become normal to activate the Wi-Fi icon and wait for the few seconds that separate us from the Net. Unfortunately, Wi-Fi hides a problem that could put millions of devices at risk. The wanted Denis Selianin has discovered four vulnerabilities that endanger certain devices that use Wi-Fi technology .
There are 6.2 billion electronic devices potentially attacked by hackers due to a series of Wi-Fi vulnerabilities discovered by the company researcher Embedi and among them there are also millions of PlayStation 4, Xbox One, Windows Surface laptops, Chromebooks, and smartphones of many brands. It all depends, Selianin explains, on a trivial security problem with the ThreadX operating system , used as a firmware to run most of the Wi-Fi chips.
What are the vulnerabilities affecting Wi-Fi
For example, the researcher was able to easily violate a Marvell Acastar 88W8897 wireless network chip that is extremely widespread. The potential vulnerabilities discovered by Selianin are four, all very simple to put in place for a hacker and all very dangerous for the damage they could cause. One of the vulnerabilities, for example, can be activated without any user interaction when scanning available networks. The tested Marvel chip, in fact, scans the networks independently every five minutes. Thanks to the bug in the ThreadX operating systemhowever, with each of these scans, malicious code portions could be sent to the devices to take control of them. And this even if the devices are not connected to any network, but are simply detectable because in the range of the Wi-Fi chip .
Selianin explained that he had found two methods to exploit this bug: one worked only with the Marvell chipset, the other with any ThreadX-based firmware. The researcher has also shown the code to exploit these vulnerabilities, hiding the technical details that would allow hackers to use it to infect billions of devices with Wi-Fi chips controlled by ThreadX.
How to protect your devices
The big problem is just the huge diffusion that this operating system has had on devices of all kinds. Now Express Logic, the company that develops ThreadX, will have to quickly create a patch to ” plug the holes ” discovered by Selianin and, even more difficult, the update of the operating system will have to be spread on all devices with WiFi chips that already they use it. Users, meanwhile, do not have many ways to protect themselves because the Wi-Fi chip scans networks on its own. On PS4 and Xbox One , for example, the only option is to disable Wi-Fi from the console settings . On laptops and smartphones, however, use without Wi-Fi is almost unthinkable today.