A computer scientist has discovered four vulnerabilities in Wi-Fi that would endanger millions of devices including PS4 and Xbox
We use Wi-Fi technology every day to connect our devices to the Internet. It has become normal to activate the Wi-Fi icon and wait those few seconds that separate us from the Net. Unfortunately, Wi-Fi hides a problem that could put millions of devices at risk. Researcher Denis Selianin has discovered four vulnerabilities that endanger some devices that use Wi-Fi technology.
There are as many as 6.2 billion electronic devices that can potentially be attacked by hackers due to a series of Wi-Fi vulnerabilities discovered by the researcher of the company Embedi and among them there are also millions of PlayStation 4, Xbox One, Windows Surface laptops, Chromebooks, and smartphones of many brands. It all comes down, Selianin explains, to a trivial security issue in the ThreadX operating system, which is used as firmware to run most Wi-Fi chips.
What are the vulnerabilities affecting Wi-Fi
The researcher, for example, was able to easily breach a Marvell Acastar 88W8897 wireless network chip that is extremely popular. There are no less than four potential vulnerabilities discovered by Selianin, all of which are very easy for a hacker to implement and all of which are very dangerous in terms of the damage they could cause. One of the vulnerabilities, for example, can be triggered without any user interaction when scanning available networks. The tested Marvel chip, in fact, scans networks autonomously every five minutes. Thanks to the bug in the ThreadX operating system, however, portions of malicious code could be sent to the devices with each of these scans in order to take control of them. And this is the case even if the devices are not connected to any network, but are simply detectable because they are in range of the Wi-Fi chip.
Selianin explained that he found two methods to exploit this bug: one worked only with the Marvell chipset, the other with any ThreadX-based firmware. The researcher also showed the code with which it is possible to exploit these vulnerabilities, hiding the technical details that would allow hackers to use it to infect billions of devices with Wi-Fi chips controlled via ThreadX.
How to defend your devices
The big problem is precisely the huge spread that this operating system has had on devices of all kinds. Now Express Logic, the company that develops ThreadX, will have to quickly create a patch to "plug the holes" discovered by Selianin and, even more difficult, the update of the operating system will have to be spread on all the devices with WiFi chip that already use it. Users, meanwhile, don't have many ways to protect themselves because the WiFi chip scans networks on its own. On PS4 and Xbox One, for example, the only option is to disable Wi-Fi from the console's settings. On laptops and smartphones, however, use without Wi-Fi is almost unthinkable today.