I presumed that if faulty firmware can be 'fuzzed' to produce exploits then one of those exploits could be overwriting the firmware on the card itself. I don't see how big of a difference it would be to find an exploitable hole in an OS driver or firmware for a network card and then write new firmware, as long as it is possible for the OS or card itself to write new firmware. (Kinda interesting because that 'open' firmware code is something that RMS and his fan club have been clamoring for if the card itself is writable. Open firmware could be required to produce effective defenses against these sorts of attacks.) And it's common for wireless drivers to have loadable firmware anyway (more sophisticated wired ethernet cards shouldn't be too far behind), so if you get system access then you could hack the card's firmware (either in a file on Linux or embedded in the driver binary for Windows) to do all sorts of nasty stuff. That way, depending on your goal (say you want network access, but you don't care about 'owning' the access point), you could stealthily introduce a firmware hack that would allow you to get WPA keys, sniff traffic, or something like that if you send a specially crafted packet.
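The comment above points out that on Linux the firmware a driver loads into a card is just a file on disk, so a defender's first question is whether those blobs have been altered. The following is an added example, not code from the original comment or from any project it mentions: it builds a SHA-256 manifest of a firmware directory and reports files that were modified, added or removed relative to a saved baseline. The sample directory and blob contents are constructed inside a temporary directory so the script runs offline; on a real host you would point `build_manifest` at `/lib/firmware` and keep the baseline somewhere the host itself cannot rewrite (a signed file, a read-only medium, or a remote store), since anyone with root can update both the blob and an on-host baseline.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path):
    """Stream a file through SHA-256 so large firmware blobs don't need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(firmware_dir):
    """Map each file's path relative to firmware_dir to its SHA-256 hex digest."""
    root = Path(firmware_dir)
    return {
        p.relative_to(root).as_posix(): sha256_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def compare_manifest(baseline, current):
    """Diff two manifests; any non-empty list means the firmware tree changed."""
    modified = sorted(k for k in baseline if k in current and baseline[k] != current[k])
    added = sorted(k for k in current if k not in baseline)
    removed = sorted(k for k in baseline if k not in current)
    return {"modified": modified, "added": added, "removed": removed}


def demo():
    """Constructed scenario: snapshot a fake firmware tree, tamper with it, detect the change."""
    with tempfile.TemporaryDirectory() as tmp:
        fw = Path(tmp) / "firmware"          # stands in for /lib/firmware (assumption)
        (fw / "wlan").mkdir(parents=True)
        (fw / "wlan" / "radio.bin").write_bytes(b"\x7fFAKE-FIRMWARE-v1")   # constructed blob
        (fw / "nic.fw").write_bytes(b"constructed sample NIC blob")       # constructed blob

        baseline = build_manifest(fw)

        # Simulate what the comment describes: a blob rewritten after the fact,
        # plus an unexpected new file dropped into the tree.
        (fw / "wlan" / "radio.bin").write_bytes(b"\x7fFAKE-FIRMWARE-v1-PATCHED")
        (fw / "extra.fw").write_bytes(b"unexpected new blob")

        return compare_manifest(baseline, build_manifest(fw))


if __name__ == "__main__":
    print(demo())
```

Running the script prints the diff for the constructed scenario; in practice you would persist the baseline as JSON, re-run `build_manifest` on a schedule or after every package update, and treat any entry in `modified` or `added` that does not correspond to a package-managed change as an incident to investigate.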
Copyright © 2017, Eklektix, Inc.