Bugs in billions of WiFi, Bluetooth chips allow password, data theft

Researchers at the University of Darmstadt, Brescia, CNIT, and the Secure Mobile Networking Lab, have published a paper that proves it’s possible to extract passwords and manipulate traffic on a WiFi chip by targeting a device’s Bluetooth component. Modern consumer electronic devices such as smartphones feature SoCs with separate Bluetooth, WiFi, and LTE components, each with its own dedicated security implementation.

To exploit these vulnerabilities, the researchers first needed to perform code execution on either the Bluetooth or WiFi chip. While this is not very common, remote code execution vulnerabilities affecting Bluetooth and WiFi have been discovered in the past.

One piece of good news is that according to the testing in this article, the Raspberry Pi 3B is not vulnerable.  The Raspberry Pi 3B is what we use to build the AMENDMENT1.

Link: Bugs in billions of WiFi, Bluetooth chips allow password, data theftvia www.bleepingcomputer.com