Critical vulnerabilities have been found in one of Realtek’s most popular wifi modules, the Realtek RTL8195A wifi module. Analysis by the IoT security firm Vdoo, discovered that six major vulnerabilities exist in the wifi module. Realteks’s RTL8195A module is a low-powered, compact Wi-Fi module used for embedded devices. The module has supported software from a number of large vendors such as Google, Samsung, and Amazon. Once an attacker has exploited the vulnerability in the module, they are able to gain access to the Wi-Fi module, and possible the application processor too.
Uriya Yavniely, Security Researcher, at Vdoo said that “the most severe issue we discovered is VD-1406, a remote stack overflow that allows an attacker in the proximity of an RTL8195 module to completely take over the module, without knowing the Wi-Fi network password (PSK) and regardless of whether the module is acting as a Wi-Fi access point or client.” Realtek has also published a bulletin concerning the vulnerability.
Commenting on the vulnerability, Stephen Kapp, CTO of Cortex Insight, said that as users are unable to know if a device uses the vulnerable Realtek WiFi module, it is up to device vendors to issue updates. “It is difficult to know what devices have the vulnerable Realtek WiFi module within them. Consequently, it can be impossible for end-users to know if they need to update their device. This pushes the responsibility to the device vendor using the Realtek module to produce an update which installs the updated module firmware to any affected devices and ultimately ensure the device in question can accept a firmware update via some form of update mechanism.”