Wireless Chip Vulnerability

Tuesday, October 30, 2012 @ 09:10 AM gHale

There is a remotely exploitable vulnerability in wireless chipsets that attackers could leverage to launch a denial-of-service (DoS) attack.

The vulnerability is the result of an out-of-bounds read error condition that exists in the chips’ firmware, according to advisories published by the United States Computer Emergency Readiness Team and Core Security. The chipsets are the Broadcom BCM4325 and BCM4329.


Apparently, an attacker sending an RSN (802.11i) information element can cause the WiFi NIC to stop responding, said researchers Andres Blanco and Matias Eissler from Core Security’s Core Impact team.

The flaw affects Apple, HTC, Samsung, Acer, Motorola, LG, Sony Ericsson and Asus products, including the iPhone 4, iPod 3G, Xoom, Galaxy Tab, Nexus S, and Evo 4G. One notable affected product is a vehicle, the Ford Edge.

The researchers informed Broadcom and the company released a statement saying a patch is now available.

“This DoS issue identified by CORE Security Technologies, which would require significant technical expertise to mount, could cause certain consumer electronics devices containing these chips to experience a transient WLAN service interruption as long as the DoS is active,” Broadcom officials said.

“During the service interruption, other phone/tablet features would be unaffected. The DoS issue does not in any way compromise the security of users’ data. Broadcom has a patch available that addresses the issue and makes devices that include the BCM4325 and BCM4329 immune to a potential attack.”

Since quite a few of the affected products are out of service, the patch will go out to customers on a case-by-case basis.

“Broadcom has been working with our customers providing information and fixes as required and will continue doing so in response to address security and performance issues that may be identified,” Broadcom said in its statement.

A technical description of the vulnerability and a proof-of-concept are available.
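As an added illustration (not code from the advisories, Broadcom or Core Security), the parser below shows how the class of flaw described above, an out-of-bounds read while handling an RSN information element, is avoided: every length and count taken from the frame is checked against the bytes actually present before it is used. The field layout follows IEEE 802.11; the function names, struct and sample bytes are constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>

#define RSN_ELEMENT_ID 48 /* RSN element ID in IEEE 802.11 */
#define RSN_SUITE_LEN 4   /* 3-byte OUI + 1-byte suite type */

struct rsn_info { uint16_t version, pairwise_count, akm_count; };

/* Constructed samples, not from the advisory: well-formed, and a pairwise count past the end. */
const uint8_t rsn_good[] = { 48, 20, 1, 0, 0, 0x0f, 0xac, 4, 1, 0, 0, 0x0f, 0xac, 4,
                             1, 0, 0, 0x0f, 0xac, 2, 0, 0 };
const uint8_t rsn_bad[] = { 48, 8, 1, 0, 0, 0x0f, 0xac, 4, 0xff, 0xff };

/* Read a little-endian u16 only if two bytes remain in the element. */
static int take_u16(const uint8_t **p, size_t *left, uint16_t *out)
{
    if (*left < 2) return -1;
    *out = (uint16_t)((*p)[0] | ((*p)[1] << 8));
    *p += 2; *left -= 2;
    return 0;
}

/* Skip `count` suite selectors; the count comes from the frame, so check it first. */
static int skip_suites(const uint8_t **p, size_t *left, size_t count)
{
    if (count > *left / RSN_SUITE_LEN) return -1;
    *p += count * RSN_SUITE_LEN;
    *left -= count * RSN_SUITE_LEN;
    return 0;
}

/* Returns 0 if every field read lies inside the element, -1 otherwise. */
int rsn_parse(const uint8_t *buf, size_t buf_len, struct rsn_info *out)
{
    if (buf_len < 2 || buf[0] != RSN_ELEMENT_ID || buf[1] > buf_len - 2)
        return -1; /* no header, wrong ID, or declared length past the buffer */
    const uint8_t *p = buf + 2;
    size_t left = buf[1];
    out->version = out->pairwise_count = out->akm_count = 0;
    if (take_u16(&p, &left, &out->version)) return -1;
    if (left && skip_suites(&p, &left, 1)) return -1; /* group cipher suite */
    if (left && (take_u16(&p, &left, &out->pairwise_count) ||
                 skip_suites(&p, &left, out->pairwise_count)))
        return -1;
    if (left && (take_u16(&p, &left, &out->akm_count) ||
                 skip_suites(&p, &left, out->akm_count)))
        return -1;
    return 0; /* RSN capabilities and later optional fields are not parsed here */
}
```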
