- Jul 22, 2014
A security researcher has turned up new ways to silently hijack and infect Android devices via malicious Wi-Fi packets over the air.
Scotty Bauer, a Linux kernel developer, described in detail on Monday how he found a bunch of exploitable programming blunders in the qcacld Wi-Fi driver that supports Qualcomm Atheros chipsets. These chips and their associated driver are used in a number of Android phones, tablets, routers, and other gizmos, including some Pixel and Nexus 5 handhelds, for wireless networking.
In an effort similar to Gal Beniamini's work scrutinizing Broadcom's insecure wireless technology, Bauer went looking for low-level remote-code-execution vulnerabilities in Google-powered gadgets, found them, and reported them so they can be addressed.
The result of that effort is some juicy security fixes that were released on Monday by Google. These need to be installed on vulnerable Android devices to protect them from attacks leveraging the now-documented bugs.
Essentially, vulnerable Android gizmos can be secretly commandeered by nearby hackers via Wi-Fi due to flaws in the aforementioned wireless driver code, originally developed by Qualcomm Atheros. So check for updates from Google, via the Settings app, and install this month's Android security updates if or when they are available for your devices.
Bauer explained that since Qualcomm uses a partial SoftMAC – that is, at least some of the MAC layer is implemented in software – “the source code for handling any sort of 802.11 management frames must be in the driver and is thus available to look at.” In other words, it is possible to study the code and figure out the right management frames to send to a nearby victim's device to trigger the execution of malicious code, leading to crashes or the installation of spyware.
...
...