Serious WPA_Supplicant Vulnerability Allows Privilege Escalation, DoS Attacks
A serious vulnerability affecting a Wi-Fi technology used in the Android operating system and many other products allows malicious actors to escalate privileges and cause a denial-of-service (DoS) condition on affected devices.
The flaw, discovered by Imre Rad of Hungary-based research company SEARCH-LAB, affects wpa_supplicant, the popular open source Wi-Fi Protected Access (WPA) supplicant.
The vulnerability can be exploited to write arbitrary values in the wpa_supplicant configuration file, allowing an attacker to execute arbitrary code with elevated privileges or disrupt a device’s Wi-Fi functionality. The weakness can be exploited either through a WPS attack (CVE-2016-4476) or the wpa_supplicant control interface (CVE-2016-4477).
Rad reported the vulnerability to Google on February 24 and the search giant later notified wpa_supplicant developers.
Google described the flaw as a high severity privilege escalation in the Wi-Fi component that allows a local malicious application to execute arbitrary code in the context of an elevated system application. The vulnerability, patched with this month’s Android security updates, affects versions 4.4.4, 5.0.2, 5.1.1, 6.0 and 6.0.1 of Google’s mobile operating system, which currently run on roughly 75 percent of Android devices.
The issue was initially assigned the CVE identifier CVE-2016-2447 for the Android platform, but Google updated the identifier to CVE-2016-4477 at MITRE’s request.
Wpa_supplicant developers patched the flaw in early May and SEARCH-LAB says fixes should be expected for a wide range of products from many vendors.
Rad told SecurityWeek that he has developed a completely reliable proof-of-concept (PoC) exploit for the vulnerability. The expert noted that the flaw can be easily exploited by specially crafted Android applications that are granted the Wi-Fi management (CHANGE_WIFI_STATE) permission. If such a malicious app causes the Wi-Fi component to malfunction, the issue can only be addressed by resetting the device to its factory settings.
The researcher, who received an undisclosed reward from Google for reporting the flaw, believes the search giant is capable of identifying and banning applications that leverage this vulnerability on its official app store.
Related: Qualcomm Software Flaw Exposes Android User Data
Related: Wi-Fi Component Flaw Exposes Windows, Linux, OS X Systems
Related: Google Runs Over 400 Million Android Security Scans Daily
Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
More from Eduard Kovacs
- Intel Boasts Attack Surface Reduction With New 13th Gen Core vPro Platform
- Dole Says Employee Information Compromised in Ransomware Attack
- High-Severity Vulnerabilities Found in WellinTech Industrial Data Historian
- CISA Expands Cybersecurity Committee, Updates Baseline Security Goals
- Exploitation of 55 Zero-Day Vulnerabilities Came to Light in 2022: Mandiant
- Organizations Notified of Remotely Exploitable Vulnerabilities in Aveva HMI, SCADA Products
- Waterfall Security, TXOne Networks Launch New OT Security Appliances
- Hitachi Energy Blames Data Breach on Zero-Day as Ransomware Gang Threatens Firm
Latest News
- Microsoft: No-Interaction Outlook Zero Day Exploited Since Last April
- US to Adopt New Restrictions on Using Commercial Spyware
- Hackers Earn Over $1 Million at Pwn2Own Exploit Contest
- GoAnywhere Zero-Day Attack Hits Major Orgs
- Australia Dismantles BEC Group That Laundered $1.7 Million
- ‘Grim’ Criminal Abuse of ChatGPT is Coming, Europol Warns
- Webinar Tomorrow: Understanding Hidden Third-Party Identity Access Risks
- GitHub Rotates Publicly Exposed RSA SSH Private Key
