New Spectra Attack that breaks the division between Wi-Fi and Bluetooth to be released at Black Hat Security Conference
The Spectra attack exploits the coexistence mechanisms that chipset vendors build into their devices. Combo chips use these mechanisms to switch rapidly between wireless technologies. Experts say that while coexistence improves performance, it also gives attackers an opportunity for side-channel attacks. Jiska Classen of Darmstadt Technical University and Francesco Gringoli, a researcher at the University of Brescia, say they are the first to explore using the coexistence mechanism of combo chips to break the barrier between wireless technologies.
“We specifically analyze Broadcom and Cypress combo chips, which are in hundreds of millions of devices, such as all iPhones, MacBooks, and the Samsung Galaxy S series,” the two academics say. “We exploit coexistence in Broadcom and Cypress chips and break the separation between Wi-Fi and Bluetooth, which operate on separate ARM cores.”
Results vary, but the research team says that certain scenarios are possible after a Spectra attack. “In general, denial-of-service on spectrum access is possible. The associated packet meta-information allows information disclosure, such as extracting Bluetooth keyboard press timings within the Wi-Fi D11 core,” Gringoli and Classen said. “Moreover, we identify a shared RAM region, which allows code execution via Bluetooth in Wi-Fi. It makes Bluetooth remote code execution attacks equivalent to Wi-Fi remote code execution, thus, tremendously increasing the attack surface.”
Although the research used Broadcom and Cypress chips for the Spectra attacks, Gringoli and Classen are sure that the attack will work on other chips.