A HACKER may take delivery of your PlayStation 4, Xbox One, Microsoft Surface or one of more than one BILLION devices to other wireless devices by supporting the WiFi range for five minutes or less.
A bug found in the software for a very popular set of WiFi chips made by a company called ThreadX "can be activated without user interaction when scanning available networks" according to Embedi researcher Denis Selianin, as reported from ZDNet's Zero Day security blog.
A technically skilled neo-do-well only has to wait for the device to automatically scan WiFi networks – something that the chips do once every five minutes – and send the code back in response.
"That's why this bug is so interesting and offers the opportunity to exploit devices literally with zero-click interaction in any state of the wireless connection (even when a device is not connected to any network)," Selianin said.
He claims to have found two different ways in which electronic pods could exploit this bug, with one applicable to any device that runs ThreadX wireless firmware.
This includes Xbox One, PlayStation 4, Microsoft Surface Laptops, some Samsung smartphones – in fact, a total of 6.2 billion devices may be at risk.
GAMES FOR GOOD
The British player raises 225,000 pounds for charity while the flow of Donkey Kong becomes global
Animal Crossing Switch revealed after Nintendo's epic troll
DEAD AT ARRIVAL
The sexy fighting game famous for "boob jiggle" is attenuated by #metoo
ZOMBI YOUR BRANDS
Release date of Resident Evil 2 remake and how to play the demo
These include everything from cameras to wireless bells, printers, smart thermostats and more.
The only way to block the exploit currently is to turn off the WiFi completely – which is not possible for many smaller devices – and at the time of writing a patch for the defect it had not been released.
Selianin claims to have identified four different "memory corruption problems" in ThreadX that have the potential to be exploited in this way.
While Selianin has released proof of the flaw discovered in the works, he has not publicly shared his code to exploit it.
We pay for your stories! Do you have a story for The Sun Online news team? Write to us at firstname.lastname@example.org or call 0207 782 4368. We pay for video mashed potato. Click here to to load your.