A vulnerability that can be exploited to disrupt networks has been found in a Broadcom Wi-Fi chipset by researchers at application security company Black Duck.
The researchers discovered the security hole while testing an Asus router, but further analysis conducted in collaboration with the vendor revealed that the issue actually existed in Broadcom chipset software used by the router.
The vulnerability could pose a significant threat as it can be exploited by an unauthenticated attacker to disrupt network connectivity in organizations that use always-on wireless access.
Specifically, an attacker can use a single specially crafted Wi-Fi frame to disable a router’s 5 GHz network, and disconnect active clients and prevent them from reconnecting.
The attack bypasses WPA2 and WPA3 protections, and it can be repeated indefinitely to cause prolonged network disruptions. However, the cybersecurity firm pointed out that Ethernet connections and the 2.4 GHz network are not affected by the attack.
Broadcom has been notified, and it told Black Duck that it has provided a patch to device manufacturers that use its chipset.
Asus has released firmware updates for its affected products, but it’s unclear which other vendors use the impacted chipset. Black Duck noted that the affected Broadcom chipset is widely used in enterprise, consumer, and embedded routers.
The security firm has not made public any technical details to prevent malicious exploitation of the vulnerability.
“This [attack] has the potential to open the door to evil twin attacks where the real access point is knocked offline and a rogue one with the same name and password replaces it,” warned James Maude, Field CTO at BeyondTrust.
“While the risks of network traffic interception have decreased thanks to the widespread adoption of HTTPS encryption, there is still the risk of captive portals. When the user tries to restore their network connection they are presented with a captive phishing portal requesting their personal or corporate credentials leading to identity compromise,” Maude explained.
Randolph Barr, CISO at Cequence Security, described a few possible attack scenarios involving this vulnerability.
“Based on what I’ve seen, problems like this don’t usually stay limited to ‘IT issues’. Most offices today use wireless connections more than traditional ones,” Barr said. “Imagine being on a Zoom escalation call with a customer and the network goes down.”
“Even worse, imagine a board meeting where the CEO is discussing financial results, strategy, or an acquisition update, and the connection drops in the middle of the presentation. These times aren’t simply annoying; they can hurt your credibility, slow down decision-making, and make consumers, partners, and executives lose trust in you,” he added.
Related: Over 50,000 Asus Routers Hacked in ‘Operation WrtHug’
Related: Cisco Routers Hacked for Rootkit Deployment
Related: Unauthenticated RCE Flaw Patched in DrayTek Routers
