The IT department at Core Security recently discovered a DoS (denial of service) vulnerability in the Android Wi-Fi Direct feature.
The Wi-Fi Direct feature allows Android devices to connect directly to one another, peer to peer (say, a tablet and a smartphone), without requiring a “third-party” device such as a wireless router.
Most modern Android smartphones have had this feature for quite a while now. Core Security’s IT department reports that a number of Android smartphones are vulnerable and can be hit by a DoS attack while they are scanning for Wi-Fi Direct capable devices.
The “hacker” can exploit this vulnerability by sending a custom-made 802.11 Probe Response frame (I’m quoting Core Security here), which makes the Dalvik subsystem reboot due to an error (an unhandled exception, and so on).
Basically, this Wi-Fi Direct vulnerability allows a third party to reboot your droid remotely, kicking your device off the wireless connection.
Wi-Fi Direct works similarly to Bluetooth, but with the advantage of being much more stable and having more range. There are all kinds of IT equipment that use Wi-Fi Direct to connect to a computer, such as printers or wireless mice. Also, if a piece of equipment is already Wi-Fi ready, that means that in the future you could control it with your smartphone too.
Google did not respond very well to this vulnerability, classifying it as a “low security” issue, and they don’t seem very keen to release a patch to fix the problem anytime soon.
Here’s the list of devices and Android versions affected by CVE-2014-0997 (the fancy name for the “exploit”):
- Nexus 5 – Android 4.4.4
- Nexus 4 – Android 4.4.4
- LG D806 – Android 4.2.2
- Samsung SM-T310 – Android 4.2.2
- Motorola RAZR HD – Android 4.1.2