Bug in popular wi-fi module allows remote takeover

Security researchers have discovered multiple vulnerabilities in the popular Realtek 8195A wi-fi module, the most severe of which allows attackers in radio range to fully compromise the card.

RTL8195A

The attack described by Vdoo researchers overflows a memory buffer during initial connection access negotiations and doesn't require knowledge of the network pre-shared key for authentication.

Vdoo found that the stack-based buffer overflow attack works regardless of the RTL8195 module being in wi-fi access point or client mode, and allows remote code execution or denial of service attacks.

Realtek has acknowledged the vulnerability which affects the RTL8195AM, RTL8711AM, RTL8177AF and RTL8710AF modules, used in many internet of things (IoT) applications.

The network device company's Ameba Arduino 2.0.8 has patches for the above vulnerability, and five others found by Vdoo.

Security researcher Dr Mathy Vanhoef, who discovered the KRACK key reinstallation attack in the wi-fi protected access version 2 protocol in 2017, told iTnews that the vulnerability looks serious as it doesn't require knowledge of the wi-fi password.

"Seems like this chip is mostly used by IoT devices, so you can abuse it to gain control over IoT devices that use the chip," he said.

"An attacker can also abuse it to gain access to someone's wi-finetwork if it contains a vulnerable IoT device," Vanhoef added.

Vanhoef said that best practice was to treat IoT devices as insecure by default.

Even then, since the most serious vulnerability discovered by Vdoo can be exploited by simply being in radio range, it looks impactful in practice, Vanhoef concluded.