Code execution flaws make routers and devices with Realtek Wi-Fi modules susceptible to attack

Get a free Techzine subscription!

The Taiwanese chip designer Realtek recently exposed vulnerabilities in their modules, used by over five dozen vendors in more than 200 products.

The vulnerabilities in Realtek’s SDKs allow remote attackers to crash devices and introduce secondary commands which interfere with the device’s function. Attackers can attack it through the same network or remotely through the internet. Additionally, these weaknesses can be misused by malware to hijack the Wi-Fi router or even public Wi-Fi spots.

These vulnerabilities were disclosed to Realtek by the German firm IoT Inspector, further adding that over a million devices include the particular Realtek RTL819xD module and SDKs vulnerable to attack.

Manufacturers that use the particular Wi-Fi modules were encouraged to check the devices and offer the customers security patches.

How do attackers penetrate these vulnerabilities?

Researchers identified hardware through the Shodan vulnerability search engine, and vendors with vulnerable kits include AsusTEK, Belkin, D-Link, Edimax, Hama, Logitech, etc.

The attacker must be on the same Wi-Fi network to penetrate systems successfully. However, unsecured ISP configurations can also put vulnerable devices to direct exposure from the internet. An attacker would gain access to the Wi-Fi module and the operating system within the embedded device.

Using VPNs does not necessarily prevent an attack, as Zephyr OS Bluetooth has left smartphones vulnerable to attacks.

What are the three SDK Iterations that include security fixes?

In the three SDK iterations that were identified, Realtek SDK v2.x is outdated and not supported anymore. The Realtek “Jungle” has security fixes, but they need to be backported. Finally, the most recent Realtek “Luna” SDK includes security fixes that are patched.

These security fixes need to be installed on devices through software updates. Unfortunately, even though Realtek has identified the flaws, it will take time for the solutions to make their way to the present equipment. Therefore, users must check their devices for firmware updates and deploy them when possible.