Lenovo announced that a previously disclosed flaw in Broadcom Inc.'s Wi-Fi controller chips affects its ThinkPad product. What is the Broadcom flaw, and how can it be used by attackers?
Broadcom's Wi-Fi controller chips are vulnerable to a critical memory flaw. Attackers can exploit the Broadcom flaw to take remote control of the chip or to launch denial-of-service (DoS) attacks against the Lenovo ThinkPad. Gaining access to the memory in the chip is not required, and very little knowledge or skill is necessary to render all the radio resources useless.
The Broadcom flaw allows attackers to create a malformed Radio Resource Management (IEEE 802.11k) Neighbor Report frame that contains measurements of radio resources. Successful exploitation can trigger an internal buffer overflow in the Wi-Fi controller chips, enabling attackers to insert a backdoor into the chip's firmware (CVE-2017-11120). After gaining remote control, attackers can send a series of read/write commands through this backdoor, and then the internal buffer overflow will prevent clients from sending legitimate neighbor reports to each other.
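As an added illustration (not Broadcom's firmware code and not a reconstruction of the CVE-2017-11120 root cause), the following length-checked parser for a Neighbor Report Response frame body shows the bounds checks that keep a malformed frame from overflowing an internal buffer. The `neighbor` struct, the `MAX_NEIGHBORS` table size and the sample frames are assumptions constructed for this example; the field sizes follow the IEEE 802.11 Neighbor Report element layout.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define EID_NEIGHBOR_REPORT 52
#define NR_FIXED_LEN 13  /* BSSID 6 + BSSID info 4 + op class 1 + channel 1 + PHY 1 */
#define MAX_NEIGHBORS 4  /* hypothetical table size, assumed for this example */

struct neighbor { uint8_t bssid[6]; uint8_t op_class; uint8_t channel; };
static struct neighbor cache[MAX_NEIGHBORS];  /* hypothetical neighbor cache */

/* Constructed samples: one well-formed neighbor (class 81, channel 6), and an
 * element whose declared length is too short for the fixed fields. */
static const uint8_t sample_ok[] = {5,5,1, 52,13, 2,0,0,0,0,1, 0,0,0,0, 81,6,7};
static const uint8_t sample_short[] = {5,5,1, 52,4, 1,2,3,4};

/* Parse a Neighbor Report Response body: category 5, action 5, dialog token,
 * then elements. Returns the number of neighbors stored, or -1 if malformed. */
int parse_neighbor_report(const uint8_t *body, size_t len,
                          struct neighbor *out, size_t out_cap)
{
    size_t off = 3, n = 0;

    if (len < 3 || body[0] != 5 || body[1] != 5)
        return -1;
    while (off < len) {
        if (len - off < 2)           /* element header must be fully present */
            return -1;
        uint8_t eid = body[off], elen = body[off + 1];
        off += 2;
        if (elen > len - off)        /* declared length exceeds received bytes */
            return -1;
        if (eid == EID_NEIGHBOR_REPORT) {
            if (elen < NR_FIXED_LEN) /* too short for the fixed fields */
                return -1;
            if (n >= out_cap)        /* never write past the caller's table */
                return -1;
            memcpy(out[n].bssid, body + off, 6);
            out[n].op_class = body[off + 10];
            out[n].channel = body[off + 11];
            n++;
        }
        off += elen;                 /* skip subelements and unknown elements */
    }
    return (int)n;
}
```

Every read is preceded by a check against the bytes actually received, and every write by a check against the destination's capacity, so a frame that lies about its lengths is rejected instead of copied.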
Attackers can also use over-the-air Fast Transition frames (Fast Transition is also known as Fast Roaming or Fast BSS Transition, IEEE 802.11r) to cause DoS problems by triggering heap or stack overflows (CVE-2017-11121). This protocol reduces the length of time it takes to re-establish connectivity between a laptop and the Wi-Fi infrastructure, as both the length of time it takes to reconnect to Wi-Fi and interruptions visible to the human eye would cause the user to be suspicious.
Through heap and stack overflows in memory, the stack can either grow into the heap or overrun it. Some heap chunks are created when certain memory functions are freed after the initialization of the chip's firmware, while other data and patches to the memory can be adversely impacted.
Ask the expert:
Want to ask Judith Myerson a question about security? Submit your question now via email. (All questions are anonymous.)