Spectra, the new attack that affects Wi-Fi and Bluetooth
The name will remind us of Specter. In this case it is a new practical attack that breaks the gap between the Wi-Fi and Bluetooth technologies that run on the same device, such as laptops, mobile phones, and tablets. It has been developed by security researchers from Germany and Italy.
This attack, which they have called Spectra, works against combined chips, specialized chips that can manage multiple types of wireless communications, such as Wi-Fi or Bluetooth.
The team of researchers behind this discovery indicate that Spectra is a new vulnerability class which is based on the fact that transmissions occur on the same spectrum and that wireless chips need to arbitrate access to the channel.
Specifically, the Spectra attack leverages the coexistence mechanisms that chipset providers include with their devices. The combo chips They use these mechanisms to switch between wireless technologies quickly.
They explain that this type of mechanisms allow to improve performance. However, they also leave the door open for possible side channel attacks and would allow a possible intruder to enter, an attacker who could exploit vulnerabilities.
First time to break this barrier on combo chips
The two groups that have participated in this project correspond to the Technical University of Darmstadt, from Germany, and the University of Brescia, from Italy. They assure that they are the first team that have managed to break this barrier of coexistence in combined chips.
They have analyzed the combined chips Broadcom and Cypress, which are present in many very popular devices, such as all iPhone, Macbook or Samsung phones. They managed to exploit Spectra by attacking the combo chip and the interface between the two technologies. They indicate that the results vary, but that in certain scenarios it is possible.
They also indicate that they identified a shared RAM region, which enables code execution via Bluetooth over Wi-Fi. This makes Bluetooth remote code execution attacks equivalent to Wi-Fi remote code execution, greatly increasing the attack surface.
It should be noted that the technical details of this attack have not yet been made public. It is planned that in the next month of August they will provide all the information through a virtual conference they are going to do.
As we have indicated, there are many occasions when vulnerabilities can arise that lead to attacks. We leave you an article with the best free vulnerability scanners.