Researchers at the University of Darmstadt, Brescia, CNIT, and the Secure Mobile Networking Lab, have published a paper that proves it’s possible to extract passwords and manipulate traffic on a WiFi chip by targeting a device’s Bluetooth component.
Modern consumer electronic devices such as smartphones feature SoCs with separate Bluetooth, WiFi, and LTE components, each with its own dedicated security implementation.
However, these components often share the same resources, such as the antenna or wireless spectrum.
This resource sharing aims to make the SoCs more energy-efficient and give them higher throughput and low latency in communications.
As the researchers detail in the recently published paper, it is possible to use these shared resources as bridges for launching lateral privilege escalation attacks across wireless chip boundaries.
The implications of these attacks include code execution, memory readout, and denial of service.