Industry Expert Blogs

Embedi security researcher Denis Selianin recently disclosed a slew of major vulnerabilitiesthat impacted one of the most popular Wi-Fi chipsets on the market. According to various media reports, the affected SoC can be found in devices such as the Sony PlayStation 4, Xbox One, Microsoft Surface laptops, Samsung Chromebooks, Samsung Galaxy J1 smartphones and Valve SteamLink cast devices.

As Selianin notes in a detailed blog post, multiple techniques were used to remotely compromise devices packing the chip by exploiting a number of bugs in the SoC. These include closely examining the interaction between the Wi-Fi SoC and driver, firmware analysis, as well as static and dynamic (ThreadX runtime structures recovery & dynamic firmware instrumentation) firmware file analysis. In addition, Selianin hunted for bugs using fuzzing, engaged in basic ThreadX block pool overflow exploitation, exploited AP device driver vulnerabilities and even executed code on SteamLink’s application processor.

Click here to read more ...