LandzDown Forum

Software & More => Web News => Topic started by: Antus67 on January 22, 2019, 11:24:33 AM

Title: Bug in widespread Wi-Fi chipset firmware can lead to zero-click code execution
Post by: Antus67 on January 22, 2019, 11:24:33 AM
BY: Zeljka Zorz, Managing EditorJanuary 21, 2019

The discovery was made by Embedi researcher Denis Selianin, who decided to first analyze the code of the Marvell Avastar Wi-Fi driver code, which loads firmware to Wi-Fi SoC (system on chip), and then to engage in fuzzing the firmware.

“A device manufacturer supplies appropriate firmware images and operating system device drivers, so during startup, a driver can upload firmware enabling its main functionality to the Wi-Fi SoC,” he explained.

(https://www.helpnetsecurity.com/images/posts2019/wifi-soc-firmware-loading.jpg)

Full Article Here:https://www.helpnetsecurity.com/2019/01/21/marvell-avastar-wi-fi-vulnerability/ (https://www.helpnetsecurity.com/2019/01/21/marvell-avastar-wi-fi-vulnerability/)
Title: Re: Bug in widespread Wi-Fi chipset firmware can lead to zero-click code execution
Post by: plodr on January 22, 2019, 12:58:22 PM
This is the part I was interested in
Quote
The vulnerable Marvell Avastar Wi-Fi can be found in Sony PlayStation 4, Microsoft Surface computers, Xbox One, Samsung Chromebooks, certain smartphones (e.g., Galaxy J1), Valve SteamLink and other devices.

There are so many security stories that I want to know at the outset, Do I need to worry?

Since I own a Galaxy J3 Emerge, I'll need to discover what wifi chipset is in my phone.

I also wonder what "other devices" are vulnerable.