• HOME

  • ABOUT

  • SOLUTIONS

  • PAPERS AND PUBLICATIONS

  • CONTACT

  • Blog

  • More

    washingtoncybercenter.com

    © 2023 by Marketing Solutions. Proudly created with Wix.com

    Cybersecurity and Connected Vehicles

    December 11, 2019

    Cybersecurity, the Holiday Season and the Grinch

    December 6, 2019

    Cybersecurity, Vendors and Stolen Laptops

    December 2, 2019

    Cybersecurity and Dental Services

    November 29, 2019

    Cybersecurity and IT Firms

    November 25, 2019

    Cybersecurity and Small Town Attacks

    November 22, 2019

    Cybersecurity and Online Gaming

    November 18, 2019

    Cybersecurity, Backup Services and Ransomware

    November 15, 2019

    Cybersecurity, PLCs and DoS

    November 4, 2019

    Cybersecurity and Student Loans

    November 1, 2019

    Please reload

    Recent Posts

    I'm busy working on my blog posts. Watch this space!

    Please reload

    Featured Posts

    Cybersecurity and WiFi

    May 13, 2019

    |

    Charles Parker, II

    All is relatively well here at Woesnotgone Meadow, where everyone has above average bandwidth.

     

    In the Meadow, the residents are a bit located off the beaten path. Our highlight for the week tends to be driving to Margie’s Ice Cream Parlor on Friday night. On a special occasion, we may see turkeys in the field on the way there. Although we may seem not to be on the leading edge of

    technology, we certainly try and use the latest smartphones and laptops. With these devices, there have been various issues with antennas, batteries, and other hardware. A recent vulnerability involved the firmware on WiFi chips.

     

    WiFi chips are used in numerous devices we use in the Meadow on a daily basis. These include gaming equipment, personal computers, business equipment, communications, IoT devices, and many other examples.

     

    With the hardware WiFi process for the individual piece of equipment, the device beacons out, seeking the WiFi points the device is familiar with, with no regard as to the access password. In effect, it is seeking to know what is local and proximate it may connect with. This feature/vulnerability may allow the device to attach to the attacker’s device without any interaction.

     

    Other attacks involve rewriting the pointer to the next free block of memory and controlling the allocation for the next memory block to be used. This may prima facie appears to be mundane and not very exciting. By being able to have the ability to change the pointer for the next block, the attacker could adjust the flow to an out-of-process run-time pointer. The attacker could tell the target/victim computer to alter its normal operation, without authorization. This could run the attacker’s code or process. There are also other vulnerabilities with this.

     

    Vulnerability

    The firmware on these devices varies greatly. These, unfortunately, have various levels of security applied to them through the development process. In this particular instance, a vulnerability was detected in Thread X. Thread X is a real-time operating system (RTOS) created by ExpressLogic.

     

    This is not a low usage RTOS, as there are over 6.2B deployments. This makes the vulnerability one of the most widely used software packages. One vulnerability detected involved the block and pool overflow. This issue could be initiated when the chip scans for networks to connect with. The process is done every five minutes, regardless if the device is connected or not.

     

    Uses

    The firmware is more expansive in numbers and device usage. This is found in the Avastar 88W 8897 SOC (system on chip), WiFi, Bluetooth, and near field communications (NFC) in Marvell, Sonly Playstation 4 and Pro, Microsoft Surface and Pro tablets, Xbox One, Samsung Chromebook, Galaxy J1 smartphone, and Valve Steam Link.

     

    Thanks for visiting Woesnotgone Meadow, where the encryption is strong, and the O/Ss are always using the latest version.

     

    Resources

    BeauHD. (2019, January 18). Firmware vulnerability in popular wi-fi chipset affects laptops, smartphones, routers, gaming devices. Retrieved from https://it.slashdot.org/story/19/01/18/2333237/firmware-vulnerability-in-popular-wi-fi-chipset-affects-laptops-smartphones-routers-gaming-devices

     

    Ilascu, I. (2019, January 18). Vulnerabilities found in highly popular firmware for wifi chips. Retrieved from https://www.bleepingcomputer.comnews/security/vulnerabilities-found-in-highly-pupular-fimrware-for-wifi-chips/

     

    Information Security Newspaper. (2019, January 18). Vulnerabilities found in wifi chips firmware. Retrieved from https://www.securitynewspaper.com/2019/01/18/vulnerabilities-found-in-wifi-chips-firmware/

     

    About the Author - Charles Parker, II has been working in the info sec field for over a decade, performing pen tests, vulnerability assessments, consulting with small- to medium-sized businesses to mitigate and remediate their issues, and preparing IT and info sec policies and procedures. Mr. Parker’s background includes work in the banking, medical, automotive, and staffing industries.

    Share on Facebook
    Share on Twitter
    Please reload

    Follow Us

    I'm busy working on my blog posts. Watch this space!

    Please reload

    Search By Tags

    December 2019 (3)

    November 2019 (7)

    October 2019 (7)

    September 2019 (9)

    August 2019 (10)

    July 2019 (8)

    June 2019 (9)

    May 2019 (10)

    April 2019 (9)

    March 2019 (10)

    February 2019 (8)

    January 2019 (9)

    December 2018 (8)

    November 2018 (9)

    October 2018 (9)

    September 2018 (7)

    August 2018 (9)

    July 2018 (9)

    June 2018 (11)

    May 2018 (6)

    April 2018 (9)

    March 2018 (9)

    February 2018 (8)

    January 2018 (6)

    December 2017 (8)

    November 2017 (7)

    October 2017 (10)

    September 2017 (9)

    August 2017 (10)

    July 2017 (8)

    June 2017 (10)

    May 2017 (8)

    April 2017 (7)

    March 2017 (8)

    February 2017 (7)

    January 2017 (8)

    December 2016 (11)

    November 2016 (14)

    October 2016 (14)