Million IoT devices affected due to the discovered Realtek SDK flaws

Security flaws possibly allow root access on vulnerable Wifi-enabled devices

Flaws within the Realtek chip allows a hacker to gain access to the host device.

Cybersecurity experts came upon threatening security vulnerabilities in Realtek chips that could affect more than 65 hardware manufacturers and a variety of wireless devices. This information came from the IoT inspector when packaged binaries were analyzed as part of the Realtek SDK.

It was later shared that at least a dozen and possibly more vulnerabilities were identified, some of them extremely critical, tied to command injection function or even memory corruption that could affect UPnP, HTTP (management web interface), and custom network service from Realtek.^[1]

It seems that these recent vulnerabilities could be exploited remotely. As of right now, Taiwanese chip designer Realtek shares information about four security flaws in three software development kits (SDKs) accompanying its WiFi modules, which are used in almost 200 IoT devices made by at least 65 vendors.^[2]

Affected devices implement wireless capabilities and cover a wide spectrum of use cases: from residential gateways, travel routers, Wi-Fi repeaters, IP cameras to smart lightning gateways or even connected toys.

Flaws point to Realtek SDK v2.x, Realtek “Jungle” SDK v3.0/v3.1/v3.2/v3.4.x/v3.4T/v3.4T-CT, and Realtek “Luna” SDK up to version 1.3.2. Vulnerabilities vary from CVSS score 8.1 to 9.8. Heap buffer and stack buffer overflow vulnerabilities are classified with lesser risk levels.

However, multiple buffer overflow vulnerabilities and arbitrary command injection flaws are classified as very high risk. It could impact various devices with wireless capabilities: residential gateways, travel routers, WiFi repeaters, IP cameras, even toys. Among impacted manufacturers are names like D-Link, Edimax, Huawei, LG.

Realtek fails to keep up with cybersecurity

Realtek released patches for “Luna” SDK in version 1.3.2a, while users of the “Jungle” SDK should listen up and backport the fixes provided by the company. As Realtek is currently working to fix exposed flaws, security problems could follow in the future as cybersecurity experts state that Realtek's codebase is untouched for more than a decade.

The official IoT inspector research^[3] state that the vulnerability is distributed down the supply chain and that those are not new, but not taken into consideration, unfortunately:

Many testers identified this exact vulnerability in different devices from different vendors but never reported it to Realtek.

It is stated speculated that manufacturers with access to the Realtek source code failed to validate their supply chain and left the issue unattended. This caused recent vulnerabilities and threats to hundreds of thousands of customers. Realtek currently manufactures and sells microchips, designs communications network ICs, computer peripheral ICs, and multimedia ICs.^[4]

Recent attacks highlight the risk of supply chain attacks

Many experts recently are speaking up about supply chain attacks and threats that come with them. Kaseya's and Solar Winds attacks were the most talked about. However, the numbers are growing rapidly, and the goals of such actions vary too. Behind the SolarWinds incident was cyber espionage, whereas in Kaseya's case, the main goal was monetary gain.^[5]

Supply chain attacks have intensified, and hacker groups seem to look for easy ways to exploit the weakest links in business and digital supply chains. To avoid future problems, experts recommend taking all the necessary steps to protect data by finding out where it resides and who has access.^[6]

It is also deemed to be important to simply gain a better understanding of how hackers use the system's flaws. As hackers and threat actors are becoming more creative in their notorious actions, businesses and users should also be aware of that.