Recently, a researcher discovered a few security holes in a WiFi chip (Marvell Avastar 88W8897) used in BILLIONS of devices and computers. They include: Sony PlayStation 4, the Xbox One, Microsoft’s Surface laptops, Samsung’s Chromebooks, the Samsung Galaxy J1 smartphones, Valve SteamLink cast devices, some laptops, several routers other embedded devices, and network access hardware.
This security hole allows hackers to secretly inject malicious code into that Wifi chip, which in turn can be further exploited to inject more malicious code into the device/computer. The user merely have to (1) turn on WiFi and (2) get within physical Wifi radio range of the hacker to get compromised. The user don’t have to do anything to get hacked. It will happen silently and automatically.
The good news is, the hacker can not compromise your device/computer remotely via the Internet. He needs to be within physical proximity range to do that. Furthermore, there is no one-size-fit-all hack for all types of devices/computers. Each type of device/computer requires customised hack. Therefore, for now, your chances of being hacked is very low because the likelihood of such an advanced hacker within your vicinity is very low. But as time goes by, the likelihood will increase as knowledge spread within the underground hacker community.
Currently, what is unclear is whether this security hole can be patched with a firmware update (that is, an update of the software running inside the WiFi chip). If not, billions of devices/computers will be permanently vulnerable. Even if this problem can be fixed with a firmware update, device/computer manufacturers (especially the obscure ones) may not be willing or able to deploy them.
The security researcher have yet to provide full details of the security holes, but you can be sure that advanced hackers will be working on how to exploit them and writing software to enable the junior hackers to do that.
What you can do: remember to turn OFF Wifi wherever possible. I know this is not always feasible, but for the moment, it is the only thing you can do.
More information will be released soon and if you want to keep up to date on what you need to do to protect yourself, please subscribe to our emailing list.