Almost every well-known company uses Realtek chips. Attackers can acquire complete control of the device, installed operating systems, and other network devices thanks to a vulnerability in the Realtek RTL819xD module. Over a dozen of vulnerabilities are found in these chips.
What happens if an attacker gains access to it?
- provides full control of the Wi-Fi module
- gains root access to the operating system
“Realtek immediately provided an appropriate patch. Manufacturers using vulnerable Wi-Fi modules are strongly encouraged to check their devices and provide security patches to their users,” said Florian Lukavsky, Managing Director of IoT Inspector.
Patched Versions
- Realtek SDK branch 2.x: no longer supported by Realtek
- Realtek “Jungle” SDK: patches will be provided by Realtek and needs to be backported
- Realtek “Luna” SDK: version 1.3.2a contains fixes
The manufacturers along with the consumers are very little aware and concerned about the security of such devices. They are highly dependant on several components from other manufacturers present in their supply chain without a well-established vulnerability testing technique. Therefore, such components come along with a high risk of exploitation. Adcy.io recommends perform proper vulnerability assessments and detect security flaws before they are discovered by attackers.