Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Mobile & Wireless

Wi-Fi Flaw Exposes Android Devices to Attacks

Serious WPA_Supplicant Vulnerability Allows Privilege Escalation, DoS Attacks 

A serious vulnerability affecting a Wi-Fi technology used in the Android operating system and many other products allows malicious actors to escalate privileges and cause a denial-of-service (DoS) condition on affected devices.

Serious WPA_Supplicant Vulnerability Allows Privilege Escalation, DoS Attacks 

A serious vulnerability affecting a Wi-Fi technology used in the Android operating system and many other products allows malicious actors to escalate privileges and cause a denial-of-service (DoS) condition on affected devices.

The flaw, discovered by Imre Rad of Hungary-based research company SEARCH-LAB, affects wpa_supplicant, the popular open source Wi-Fi Protected Access (WPA) supplicant.

The vulnerability can be exploited to write arbitrary values in the wpa_supplicant configuration file, allowing an attacker to execute arbitrary code with elevated privileges or disrupt a device’s Wi-Fi functionality. The weakness can be exploited either through a WPS attack (CVE-2016-4476) or the wpa_supplicant control interface (CVE-2016-4477).

Rad reported the vulnerability to Google on February 24 and the search giant later notified wpa_supplicant developers.

Google described the flaw as a high severity privilege escalation in the Wi-Fi component that allows a local malicious application to execute arbitrary code in the context of an elevated system application. The vulnerability, patched with this month’s Android security updates, affects versions 4.4.4, 5.0.2, 5.1.1, 6.0 and 6.0.1 of Google’s mobile operating system, which currently run on roughly 75 percent of Android devices.

The issue was initially assigned the CVE identifier CVE-2016-2447 for the Android platform, but Google updated the identifier to CVE-2016-4477 at MITRE’s request.

Wpa_supplicant developers patched the flaw in early May and SEARCH-LAB says fixes should be expected for a wide range of products from many vendors.

Advertisement. Scroll to continue reading.

Rad told SecurityWeek that he has developed a completely reliable proof-of-concept (PoC) exploit for the vulnerability. The expert noted that the flaw can be easily exploited by specially crafted Android applications that are granted the Wi-Fi management (CHANGE_WIFI_STATE) permission. If such a malicious app causes the Wi-Fi component to malfunction, the issue can only be addressed by resetting the device to its factory settings.

The researcher, who received an undisclosed reward from Google for reporting the flaw, believes the search giant is capable of identifying and banning applications that leverage this vulnerability on its official app store.

Related: Qualcomm Software Flaw Exposes Android User Data

Related: Wi-Fi Component Flaw Exposes Windows, Linux, OS X Systems

Related: Google Runs Over 400 Million Android Security Scans Daily

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

The AI Risk Summit brings together security and risk management executives, AI researchers, policy makers, software developers and influential business and government stakeholders.

Register

People on the Move

Satellite cybersecurity company SpiderOak has named Kip Gering as its new Chief Revenue Officer.

Merlin Ventures has appointed cybersecurity executive Andrew Smeaton as the firm’s CISO-in-Residence.

Retired U.S. Army General and former NSA Director Paul M. Nakasone has joined the Board of Directors at OpenAI.

More People On The Move

Expert Insights