New 'Spectra' Attack Breaks The Separation Between Wi-Fi And Bluetooth

Spectra
Image: Jiska Classen

Academics from Germany and Italy say they developed a new practical attack that breaks the separation between Wi-Fi and Bluetooth technologies running on the same device, such as laptops, smartphones, and tablets.

Called Spectra, this attack works against "combo chips," specialized chips that handle multiple types of radio wave-based wireless communications, such as Wi-Fi, Bluetooth, LTE, and others.

"Spectra, a new vulnerability class, relies on the fact that transmissions happen in the same spectrum, and wireless chips need to arbitrate the channel access," the research team said today in a short abstract detailing an upcoming Black Hat talk.

More particularly, the Spectra attack takes advantage of the coexistence mechanisms that chipset vendors include with their devices. Combo chips use these mechanisms to switch between wireless technologies at a rapid pace.

Researchers say that while these coexistence mechanisms increase performance, they also provide the opportunity to carry out side-channel attacks and allow an attacker to infer details from other wireless technologies the combo chip supports.

Jiska Classen, from the Darmstadt Technical University, and Francesco Gringoli, from the University of Brescia, say they are the first research team to explore the possibility of breaking this coexistence barrier on combo chips.

"We specifically analyze Broadcom and Cypress combo chips, which are in hundreds of millions of devices, such as all iPhones, MacBooks, and the Samsung Galaxy S series," the two said.

"We exploit coexistence in Broadcom and Cypress chips and break the separation between Wi-Fi and Bluetooth, which operate on separate ARM cores."

Exploiting Spectra requires attacking a combo chip with malformed wireless traffic, and then attacking the chip interface between the two technologies.

Results vary, but the research team says that certain scenarios are possible following a Spectra attack.

"In general, denial-of-service on spectrum access is possible. The associated packet meta information allows information disclosure, such as extracting Bluetooth keyboard press timings within the Wi-Fi D11 core," Classen and Gringoli say.

"Moreover, we identify a shared RAM region, which allows code execution via Bluetooth in Wi-Fi. This makes Bluetooth remote code execution attacks equivalent to Wi-Fi remote code execution, thus, tremendously increasing the attack surface.

Furthermore, even if researchers analyzed only Broadcom and Cypress chips for their work, Classen and Gringoli say that other combo chipset manufacturers are most likely vulnerable to Spectra attacks as well.

Additional technical details about the attack have not yet been made public. The research team plans to provide a technical rundown during a virtual session at the Black Hat security conference in August.

An academic paper detailing the Spectra attack in greater depth will also be made available at the same time, in August.

RECENT NEWS

How Fintech Is Revolutionizing Traditional Banking

How fintech is revolutionizing traditional banking is a topic that is garnering positive and immense discourse within th... Read more

Blockchain And Its Impact On Fintech Industry

Blockchain and its impact on Fintech Industry has become a hot topic in the current digital era. The amalgamation of blo... Read more

The Rise Of Fintech In The Digital Era

In the heart of the digital revolution, we've observed a term termed as "fintech" creating a substantial and transformat... Read more

Role Of Fintech In Transforming Retail Banking

The role of fintech in transforming retail banking is producing significant changes in the financial services industry. ... Read more

Fintech Innovations In Asset Management

Financial technology, or FinTech, refers to the blending of financial services with technology. The importance of FinTec... Read more

Exploring The Future Of Accounting Software: Unveiling The Power Of AI

The revolutionary ignition sparked by artificial intelligence (AI) cannot be understated in contemporary business ecosys... Read more