Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Hacking

Wi-Fi SSID names could allow to crash or hack mobile devices

Security researchers discovered a bug in WiFi SSID management that could be exploited by hackers to crash Android, Windows, Linux systems or hack them. In an e-mail published on the Open Source Software Security (oss-security) mailing list, a user reported a serious vulnerability that could allow attackers to crash devices or even potentially inject malware […]

Wi-Fi SSID names could allow to crash or hack mobile devices

Security researchers discovered a bug in WiFi SSID management that could be exploited by hackers to crash Android, Windows, Linux systems or hack them.

In an e-mail published on the Open Source Software Security (oss-security) mailing list, a user reported a serious vulnerability that could allow attackers to crash devices or even potentially inject malware into their system by using crafted P2P SSID names.

The flaw was discovered by the security team at Alibaba and reported to wpa_supplicant maintainer Jouni Malinen by the Google security team.

The attack occurs via a malicious wireless peer-to-peer network name, the attack relies in how wpa_supplicant “uses SSID information parsed from management frames that create or update P2P peer entries” in the list of available networks.

The experts explained that the flaw is similar to the Heartbleed bug, with the difference that the wpa_supplicant vulnerability could allow an attacker to access the contents of memory and modify it.

SSID mobile hack

The flaw is related to wrong validation of data, in particular, the check for the length of transmitted data. An attacker can use a P2P SSID names that exceed the valid 32 octets of data to memory allocated and writes information beyond this memory space. The attack allows hackers to write data in memory causing wpa_supplicant and Wi-Fi service to crash resulting in a DoS attack on affected devices. The attacker just has to send responses to Wi-Fi probe requests or P2P network Public Action messages. The attacker could exploit the flaw also to expose memory contents during the three-way handshake of a peer-to-peer network negotiation or potentially run arbitrary code on the target system.

SSID information “is transmitted in an element that has a 8-bit length field and potential maximum payload length of 255 octets,” Malinen wrote, and the code “was not sufficiently verifying the payload length on one of the code paths using the SSID received from a peer device. This can result in copying arbitrary data from an attacker to a fixed length buffer of 32 bytes (i.e., a possible overflow of up to 223 bytes). The overflow can override a couple of variables in the struct, including a pointer that gets freed. In addition, about 150 bytes (the exact length depending on architecture) can be written beyond the end of the heap allocation.”

While the attack is very difficult to run if the target device isn’t actively using P2P Wi-Fi connections, it is possible use a malicious SSIS,  “evil SSID”, to cause denial of service without a P2P network. The good new is the availability of a patch for the vulnerability, Google will include it for its Android system in one of the next security updates.

It is important to remark that the vulnerability in the Wi-Fi security could leave also Windows and Linux devices open to DoS attack.

Pierluigi Paganini

(Security Affairs –  P2P, SSID)