Monday, April 19, 2021

Security Flaw Could Ground Wi-Fi Users

Wi-Fi users beware: Use your wireless computer in public and you could be opening yourself to the latest security risk.

Another security hole could be wide open the moment you switch on a Wi-Fi enabled laptop, warned a group of security investigators, including the Zeroday Emergency Response Team (ZERT), a security monitoring group loosely affiliated with Baylor University.

The flaw, a buffer overflow error in Broadcom’s (Quote)BCMWL5.SYS wireless driver, could allow nearby hackers to execute kernel-mode code, according to the Month of Kernel Bugs (MoKB) project, which first warned of the vulnerability.

Hackers already have a tool, the Metasploit Module, which can exploit the security opening, according to the organizations warning users. The exploit “can be used to inject any standard Windows payload into a vulnerable system,” according to ZERT’s advisory.

Windows laptop users do not need to do anything to be vulnerable. “Windows is exploitable without the existence of an Access Point (AP) or any interaction from the user,” according to ZERT. A Wi-Fi card’s background scan of available wireless networks triggers the flaw.

“If you are at an airport, coffee shop, or using your computer with wireless card enabled in any public place, you are at risk,” ZERT said.

Just how close an attacker needs to be to exploit the Wi-Fi bug depends on the hacker’s antenna and signal strength, according to the advisory.

Although chipmaker Broadcom revised its Wi-Fi driver after hearing from user “Johnny Cache,” one security group could not offer a patch for such a wide range of hardware. Building a patch for the many different vendors “is impractical,” ZERG wrote.

Instead, users who believe they are affected can check the manufacturer’s Web site, the researchers suggested. Some computer makers, such as Dell, have automatic update services.

This article was first published on InternetNews.com. To read the full article, click here.

Similar articles

Latest Articles

IT Planning During a...

Without a doubt, 2020 changed everything. I like to compare it to a science fiction movie where time travel is involved. Clearly, we have...

Best Data Quality Tools...

Data quality is a critical issue in today’s data centers. The complexity of the Cloud continues to grow, leading to an increasing need for...

NVIDIA’s New Grace ARM/GPU...

This week is NVIDIA’s GTC, or GPU Technology Conference, and they likely should have changed the name to ATC because this year – it...

What is Data Segmentation?

Definition of Data Segmentation Data segmentation is the process of grouping your data into at least two subsets, although more separations may be necessary on...