Serious WPA_Supplicant Vulnerability Allows Privilege Escalation, DoS Attacks
A serious vulnerability affecting a Wi-Fi technology used in the Android operating system and many other products allows malicious actors to escalate privileges and cause a denial-of-service (DoS) condition on affected devices.
The flaw, discovered by Imre Rad of Hungary-based research company SEARCH-LAB, affects wpa_supplicant, the popular open source Wi-Fi Protected Access (WPA) supplicant.
The vulnerability can be exploited to write arbitrary values in the wpa_supplicant configuration file, allowing an attacker to execute arbitrary code with elevated privileges or disrupt a device’s Wi-Fi functionality. The weakness can be exploited either through a WPS attack (CVE-2016-4476) or the wpa_supplicant control interface (CVE-2016-4477).
Rad reported the vulnerability to Google on February 24 and the search giant later notified wpa_supplicant developers.
Google described the flaw as a high severity privilege escalation in the Wi-Fi component that allows a local malicious application to execute arbitrary code in the context of an elevated system application. The vulnerability, patched with this month’s Android security updates, affects versions 4.4.4, 5.0.2, 5.1.1, 6.0 and 6.0.1 of Google’s mobile operating system, which currently run on roughly 75 percent of Android devices.
The issue was initially assigned the CVE identifier CVE-2016-2447 for the Android platform, but Google updated the identifier to CVE-2016-4477 at MITRE’s request.
Wpa_supplicant developers patched the flaw in early May and SEARCH-LAB says fixes should be expected for a wide range of products from many vendors.
Rad told SecurityWeek that he has developed a completely reliable proof-of-concept (PoC) exploit for the vulnerability. The expert noted that the flaw can be easily exploited by specially crafted Android applications that are granted the Wi-Fi management (CHANGE_WIFI_STATE) permission. If such a malicious app causes the Wi-Fi component to malfunction, the issue can only be addressed by resetting the device to its factory settings.
The researcher, who received an undisclosed reward from Google for reporting the flaw, believes the search giant is capable of identifying and banning applications that leverage this vulnerability on its official app store.
Related: Qualcomm Software Flaw Exposes Android User Data
Related: Wi-Fi Component Flaw Exposes Windows, Linux, OS X Systems
Related: Google Runs Over 400 Million Android Security Scans Daily