There are many vulnerabilities that can put our computers at risk. They affect all types of systems and this can cause security and privacy problems. We have sometimes seen failures that affect Wi-Fi or Bluetooth. They are two technologies widely used in the day to day by users. Today we echo Spectra , a new attack that they have developed that breaks the separation between Wi-Fi and Bluetooth.
Spectra, the new attack that affects Wi-Fi and Bluetooth
The name will remind us of Specter. In this case, it is a new practical attack that breaks the separation between Wi-Fi and Bluetooth technologies that run on the same device, such as laptops, mobile phones and tablets. It has been developed by security researchers from Germany and Italy.
This attack, which they have called Spectra , works against combined chips, specialized chips that can manage multiple types of wireless communications, such as Wi-Fi or Bluetooth.
The team of researchers behind this discovery indicate that Spectra is a new class of vulnerability that is based on the fact that transmissions occur on the same spectrum and that wireless chips need to arbitrate access to the channel.
Specifically, the Spectra attack leverages the coexistence mechanisms that chipset providers include with their devices. Combined chips use these mechanisms to switch between wireless technologies in a fast way.
They explain that this type of mechanisms allow to improve performance. However, they also leave the door open for possible side channel attacks and would allow a possible intruder to enter, an attacker who could exploit vulnerabilities.
First time to break this barrier on combo chips
The two groups that have participated in this project correspond to the Technical University of Darmstadt, in Germany, and the University of Brescia, in Italy. They assure that they are the first team that have managed to break this barrier of coexistence in combined chips.
They have analyzed the combined Broadcom and Cypress chips, which are present in many very popular devices, such as all iPhone, Macbook or Samsung phone models. They managed to exploit Spectra by attacking the combo chip and the interface between the two technologies. They indicate that the results vary, but that in certain scenarios it is possible.
They also indicate that they identified a shared RAM region, which enables code execution via Bluetooth over Wi-Fi. This makes Bluetooth remote code execution attacks equivalent to Wi-Fi remote code execution, greatly increasing the attack surface.
It should be noted that the technical details of this attack have not yet been made public. It is planned that in the coming month of August they will provide all the information through a virtual conference that they are going to hold.
As we have indicated, there are many occasions when vulnerabilities can arise that lead to attacks. We leave you an article with the best free vulnerability scanners .