
Systems-on-a-chip are a huge, unaudited attack surface, says Project Zero's Wi‑Fi attack man

Julie Romero

The internal inter-chip communications of devices like smartphones are a “huge, mostly unaudited attack surface,” according to Gal Beniamini of Google’s Project Zero, in his promised follow-up to last week’s demonstration of how to attack Wi‑Fi chips over the air.

His April 4 “part one” prompted emergency patches from Apple and Google, new drivers from Broadcom and a lot of scratched heads about which other products use the FullMAC system-on-chip (SoC) devices.

Beniamini calls for better memory isolation between SoCs and the host processors, along with exploit mitigations like stack cookies, to protect devices against Wi‑Fi-borne attacks.

Beniamini’s first post only got as far as remote code execution on the Wi‑Fi chip itself, but at the time he said there are paths from the SoC up to the application processor.

He's now laid out those issues in 8,300 words of gory detail.

If you don’t have much time, Beniamini found both low-level (the easy way) and high-level (the hard way) communication paths that made the application processor attackable:
