A new WiFi vulnerability that will likely be the star of 2019

In October 2017 @grahroll posted about a vulnerability in WiFi’s most secure security protocol, WPA2.

Unfortunately, things have become worse, but with a new form of vulnerability in an extremely popular WiFi chip.

To summarise, Marvell manufactures WiFi firmware chips that are used in literally billions of devices including phones, Xbox One, PlayStation 4, Microsoft Surface devices and more. These are not the main processor, but a chip that almost certainly is unpatchable in most devices and is invisible to the user.

A security researcher has discovered a flaw in this chip that allows hands-free, invisible-to-the-owner access to the WiFi chip. This has been confirmed for the Marvell Avastar 88W8897 SoC (system-on-a-chip), which is found in all the above devices.

Okay, but it’s not the main processor so it doesn’t affect my data… right? Just the encrypted data travelling to and from my device? Wrong, because to speed up transfers between your WiFi connection and your main processor the WiFi chip has direct access to main memory.

Every five minutes your WiFi chip scans for surrounding networks, regardless of whether it is currently connected. The current bug apparently makes use of that scan to connect and crash the chip’s software, at which point an attacker can run code on your device.

While the full details of the vulnerability remain a secret, it is highly likely that ‘bad people’ are already trying to recreate it. Marvell has stated (claimed?) that it is device-specific (so does not apply to all of the 6.2 billion devices that the linked article originally suggested), but this is a chip that has been in production for ten years - and so the billion number is still likely to be fairly reasonable as a first estimate.

I have my phone set up to disconnect from WiFi when I leave the house. This saves my battery and protects me from the many attacks that are available over WiFi. Again, advice from @PhilT in the aforementioned thread to not keep WiFi on in a public place is good advice. Any attacker - once an attack has been developed - will need to be in your vicinity to attack your device and/or network.
