SafeUM

Axarhöfði 14, 110 Reykjavik, Iceland

Iceland - 2015
TOP Security!
28 Jan 2015

Android Wi-Fi Direct vulnerability details disclosed

Google and Core Security are at odds over the severity of a vulnerability affecting a number of Android mobile devices, details of which were released by the security vendor today.

The issue was reported to the Android security team on Sept. 26 and in subsequent communication between the two parties, the severity of the vulnerability was debated, culminating today with Core’s disclosure.

Google three times acknowledged Core’s report and request for a timeline on a patch, and each time Google said it did not have one. The flaw is a remotely exploitable denial-of-service vulnerability in Wi-Fi Direct, a standard that allows wireless devices to connect directly. The implementation is used not only between Android devices, but also printers, cameras, PCs and more. CoreLabs, Core’s research lab, said the vulnerability is an uncaught exception (CVE-2014-0997), and that Android devices scanning for Wi-Fi Direct devices are affected.

“An attacker could send a specially crafted 802.11 Probe Response frame causing the Dalvik subsystem to reboot because of an Unhandled Exception on WiFiMonitor class,” Core said in its advisory published today on the Full Disclosure mailing list.

Expert Jon Oberheide of Duo Security said that since devices aren’t continuously scanning for peer-to-peer connections, the severity of the vulnerability is lessened.

“So, given the limited vulnerability window when a device may be looking for peers, the requirement that an attacker must have physical proximity to broadcast the malformed IEs to the victim’s device, and the impact of only causing a device reboot, I think it’s fairly low severity,” he said.

Core identified Nexus 5 and Nexus 4 devices running Android 4.4.4 as vulnerable, along with LG D806 and Samsung SM-T310 devices running Android 4.2.2 and Motorola Razr HD devices on 4.1.2. Android 5.0.1 and 5.0.2 are not vulnerable, according to the advisory.

“On some Android devices when processing a probe response frame with a WiFi-Direct information element that contains a device name attribute with specific bytes generates a malformed supplicant event string that ends up throwing the IllegalArgumentException,” Core said in its advisory. “As this exception is not handled, the Android system restarts.” Details, vulnerable code snippets and a proof of concept are available in the advisory.
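The failure mode Core describes, shown as an added example that is not taken from the advisory or from Android's source: a strict parser throws `IllegalArgumentException` on a malformed event string, and the hardened caller drops that event instead of letting the exception propagate. The event layout, class and method names are hypothetical, and the sample events are constructed.

```java
import java.util.List;
import java.util.Optional;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class PeerEventDemo {
    // Hypothetical event layout (assumption): PEER-FOUND <mac> name='<device name>'
    private static final Pattern FOUND = Pattern.compile(
            "PEER-FOUND ((?:[0-9a-f]{2}:){5}[0-9a-f]{2}) name='([^'\\p{Cntrl}]{0,32})'");

    record Peer(String mac, String name) {}

    // Strict parser: any string that does not match the layout is rejected by throwing.
    static Peer parse(String event) {
        Matcher m = FOUND.matcher(event);
        if (!m.matches()) {
            throw new IllegalArgumentException("Malformed event string");
        }
        return new Peer(m.group(1), m.group(2));
    }

    // Hardened wrapper: input derived from radio frames is untrusted, so a parse
    // failure is an expected outcome and becomes "no peer" rather than a crash.
    static Optional<Peer> tryParse(String event) {
        try {
            return Optional.of(parse(event));
        } catch (IllegalArgumentException e) {
            return Optional.empty();
        }
    }

    public static void main(String[] args) {
        // Constructed sample events; the second carries a control byte in the name.
        List<String> events = List.of(
                "PEER-FOUND 02:00:00:aa:bb:01 name='Printer'",
                "PEER-FOUND 02:00:00:aa:bb:02 name='bad\nname'",
                "PEER-FOUND 02:00:00:aa:bb:03 name='Camera'");
        int accepted = 0, dropped = 0;
        for (String e : events) {
            if (tryParse(e).isPresent()) accepted++; else dropped++;
        }
        System.out.println("hardened loop: accepted=" + accepted + " dropped=" + dropped);

        try { // Unguarded loop: the first bad event aborts processing of all later ones.
            for (String e : events) parse(e);
        } catch (IllegalArgumentException ex) {
            System.out.println("unguarded loop aborted: " + ex.getMessage());
        }
    }
}
```

In a long-running system service there is no outer `catch` like the one in `main`, so the unguarded path ends the thread or process that hosts the loop.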

The dispute between the two sides began in late September when Core informed the Android security team, sending it technical details and the proof of concept, as well as a publication date of Oct. 20. Google said on Oct. 16 that it classified the vulnerability as low severity and that it did not have a timeline to release a patch. Core said in its reply that it did not agree with the classification, and that it would reschedule publication of its advisory. Google then “strengthened its position” that it had no immediate plans to patch, Core said.

Earlier this month, Core resurrected the issue, to which Google replied on Jan. 16 that it still had no timeline for a patch release. On Jan. 19, Core asked Google for cooperation in order to “keep the process coordinated” and informed the Android security team that the advisory was rescheduled to today. Once more on Jan. 20, Google said it had no patch timeline.

The spat comes on the heels of recent disclosures by Google’s Project Zero research team. Around the first of the year, Project Zero disclosed a trio of Windows zero-day vulnerabilities, one of those two days before Microsoft had scheduled to release a patch. Then last week, Project Zero’s self-imposed 90-day deadline on three Apple Mac OS X vulnerabilities expired.

Tags: Android, information leaks, Wi-Fi

Source: Threatpost