{"id":17242,"date":"2019-01-19T17:05:51","date_gmt":"2019-01-19T23:05:51","guid":{"rendered":"http:\/\/bucktownbell.com\/?p=17242"},"modified":"2019-01-19T17:05:51","modified_gmt":"2019-01-19T23:05:51","slug":"remotely-compromise-devices-by-using-bugs-in-marvell-avastar-wi-fi","status":"publish","type":"post","link":"http:\/\/bucktownbell.com\/?p=17242","title":{"rendered":"Remotely compromise devices by using bugs in Marvell Avastar Wi-Fi"},"content":{"rendered":"<blockquote><p>That\u2019s why this bug is so cool and provides an opportunity to exploit devices literally with zero-click interaction at any state of wireless connection (even when a device isn\u2019t connected to any network). For example, one can do RCE in just powered-on Samsung Chromebook. So just to summarize:<\/p>\n<ol>\n<li>It doesn\u2019t require any user interaction.<\/li>\n<li>It can be triggered every 5 minutes in case of GNU\/Linux operating system.<\/li>\n<li>It doesn\u2019t require the knowledge of a Wi-Fi network name or passphrase\/key.<\/li>\n<li>It can be triggered even when a device isn\u2019t connected to any Wi-Fi network, just powered on.<\/li>\n<\/ol>\n<\/blockquote>\n<p>Source: <em><a href=\"https:\/\/embedi.org\/blog\/remotely-compromise-devices-by-using-bugs-in-marvell-avastar-wi-fi-from-zero-knowledge-to-zero-click-rce\/\">Remotely compromise devices by using bugs in Marvell Avastar Wi-Fi: from zero knowledge to zero-click RCE \u2013 Embedi<\/a><\/em><\/p>\n<blockquote><p>In this research, I used ALFA networks wireless adapter in the monitor mode, which is based on Realtek 8187 wireless chipset. The exploit can be implemented with python <a href=\"https:\/\/github.com\/secdev\/scapy\">Scapy<\/a> framework. 
For some reason, Ubuntu GNU\/Linux distribution isn\u2019t good enough to inject Wi-Fi frames fast, so it is better to use Kali.<\/p><\/blockquote>\n","protected":false},"excerpt":{"rendered":"<p>That\u2019s why this bug is so cool and provides an opportunity to exploit devices literally with zero-click interaction at any state of wireless connection (even when a device isn\u2019t connected to any network). For example, one can do RCE in &hellip; <a href=\"http:\/\/bucktownbell.com\/?p=17242\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[110],"tags":[1125,698,1104,78],"class_list":["post-17242","post","type-post","status-publish","format-standard","hentry","category-networking","tag-exploit-vector","tag-security-research","tag-soc","tag-wifi"],"_links":{"self":[{"href":"http:\/\/bucktownbell.com\/index.php?rest_route=\/wp\/v2\/posts\/17242","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/bucktownbell.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/bucktownbell.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/bucktownbell.com\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"http:\/\/bucktownbell.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=17242"}],"version-history":[{"count":1,"href":"http:\/\/bucktownbell.com\/index.php?rest_route=\/wp\/v2\/posts\/17242\/revisions"}],"predecessor-version":[{"id":17243,"href":"http:\/\/bucktownbell.com\/index.php?rest_route=\/wp\/v2\/posts\/17242\/revisions\/17243"}],"wp:attachment":[{"href":"http:\/\/bucktownbell.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=17242"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/bucktownbell.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcateg
ories&post=17242"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/bucktownbell.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=17242"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}