Realtek, a well-known hardware company, had been put to risk recently due to the chip called RTL819xD, where attackers had found vulnerability to get complete access into user devices, operating systems, and all other network devices. This compromised chip has been used by many familiar hardware manufacturers worldwide. It is mainly found and utilised inside wireless router devices, VoIP, IP cameras, repeaters, smart devices controls, and a lot more. Some of the affected manufacturers with the attack include Belkin, Netgear, Hama, AsusTEK, D-Link, and Edimax. There’s still more aside from this mentioned list.
According to the director of IoT Inspector, a firmware security analysis platform, Florian Lukavsky, their security researchers have been analysing the said vulnerability and attacks that have apparently affected over a hundred thousand devices worldwide. Upon reaching out to Realtek, the company have immediately mitigated the problem by providing an appropriate patch against it. Moreover, they have strongly advised many manufacturers to inspect and monitor their devices and give the updated patches to their users, especially those using vulnerable WiFi modules.
What can attackers do with this Realtek chip vulnerability?
In usual cases, successful attacks require threat actors to be using the same WiFi network. But sometimes, there are ISP configurations that can be defective, which can strengthen the chances of attack vulnerabilities towards devices in direct connection to the internet. Once an attacker gains full control over a WiFi module and root access to its operating system installed to the device, vulnerabilities could happen. Concerning this matter, Realtek’s chipset has been found to have over dozen vulnerabilities.
Researchers have also added that since awareness among both users and manufacturers regarding these concerns has been too limited as they majorly rely on how the components were built by other manufacturers, risks become unpredictable and more likely to happen. Reports also state that at least 38 per cent of security firms worldwide have limited policies and tools in managing IoT devices, so manufacturers are being pushed to apply regulations to control and mitigate potential security risks.