With ICMP magic, you can snoop on vulnerable HiSilicon, Qualcomm-powered Wi-Fi


Miscreants may use a flaw found in at least 55 different Wi-Fi router types to eavesdrop on victims’ data as it is transmitted across a wireless network. The main purpose of the network layer protocol ICMP is to identify problems with network traffic. Although ICMP flood assaults can be used to abuse it for denial of service, it is primarily used for error reporting.

Details of a security flaw in the network processing units (NPUs) in Qualcomm and HiSilicon processors, which are at the core of many wireless access points, have been revealed by eggheads in China and the US. (APs). Since faked Internet Control Message Protocol (ICMP) messages can be exploited to hijack and monitor a victim’s wireless connectivity, the hole (CVE-2022-25667) prohibits the devices from blocking them.

Read More…