[translated] 20150127 Bug in Wi-Fi Direct Android Implementation Causes Denial of Service

zpl1025 2015-01-30 17:35:31 +08:00
parent f297bf8174
commit 37517534c7
2 changed files with 49 additions and 50 deletions


@ -1,50 +0,0 @@
zpl1025
Bug in Wi-Fi Direct Android Implementation Causes Denial of Service
----
*Google marks the issue as having low severity, is not in a hurry to fix it*
![Wi-Fi Direct glitch crashes Android](http://i1-news.softpedia-static.com/images/news2/Bug-In-Wi-Fi-Direct-Android-Implementation-Causes-Denial-of-Service-471299-2.jpg)
#A vulnerability in the way Android handles Wi-Fi Direct connections leads to rebooting the device when searching for peers to connect to, which can be anything from other phones, cameras, gaming devices, computers, or printers.
The Wi-Fi Direct technology allows devices capable of wireless connection to establish communication directly, without the need to join a local network.
##Security company insisted on proper coordination for a fix
The vulnerability allows an attacker to send a specially crafted 802.11 Probe Response frame to the device and crashes it due to an unhandled exception occurring on the WiFi monitoring class.
Core Security discovered the flaw (CVE-2014-0997) through its CoreLabs team, and reported it to Google back in September 2014. The vendor acknowledged it but classified the glitch as having low severity, with no timeline for a fix being provided.
The same answer was received by Core Security each time they contacted the Android security team to inform of a timeframe for rolling out a fix. The last reply of this kind was received on January 20, meaning that there is no patch for the time being. On Monday, the security company made their findings public.
The security company created a (proof-of-concept)[1] to demonstrate the validity of the results obtained during their research.
According to the technical details of the vulnerability, some Android devices can be induced a denial-of-service condition if they receive a malformed wpa_supplicant event, which makes available the interface between the wireless driver and the Android platform framework.
##Google is not in a hurry to eliminate the problem
The relaxed stance from the Android security team regarding the issue may be on account of the fact that denial-of-service condition occurs only for a short period of time, when scanning for peers.
More than this, the result is not severe in nature as it consists in rebooting the device. There is no risk of data exfiltration or an attack that could lead to this, which would make it unappealing to a threat actor. On the other hand, a patch should be provided regardless, in order to mitigate any potential future risks.
Core Security says that the issue was not detected on Android 5.0.1 and above, and among the devices affected they found Nexus 5 and 4 running version 4.4.4 of the mobile operating system, LG D806 and Samsung SM-T310 with Android 4.2.2, and Motorola RAZR HD with build 4.1.2 of the OS.
For the time being, mitigation consists in refraining from using Wi-Fi Direct or updating to a non-vulnerable version of Android.
--------------------------------------------------------------------------------
via:http://news.softpedia.com/news/Bug-In-Wi-Fi-Direct-Android-Implementation-Causes-Denial-of-Service-471299.shtml
本文发布时间:27 Jan 2015, 09:11 GMT
作者:[Ionut Ilascu][a]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出
[a]:http://news.softpedia.com/editors/browse/ionut-ilascu
[1]:http://www.coresecurity.com/advisories/android-wifi-direct-denial-service


@ -0,0 +1,49 @@
Wi-Fi直连的Android实现中的Bug导致拒绝服务
----
*Google标记这个问题为低严重性并不急着修复*
![Wi-Fi Direct glitch crashes Android](http://i1-news.softpedia-static.com/images/news2/Bug-In-Wi-Fi-Direct-Android-Implementation-Causes-Denial-of-Service-471299-2.jpg)
#Android处理Wi-Fi直连连接的方式中的一个漏洞会导致在搜索连接节点的时候设备重启这个节点可能是其他手机摄像头游戏设备电脑或是打印机等任何设备。
Wi-Fi直连技术允许无线设备之间直接建立通信而不用加入到本地网络中。
##安全公司致力于协调修复这个问题
这个漏洞允许攻击者发送一个特定的修改过的802.11侦测响应帧给设备从而因为WiFi监控类中的一个未处理的异常导致设备重启。
Core Security通过自己的CoreLabs团队发现了这个下次CVE-2014-0997早在2014年9月就汇报给了Google。这家供应商确认了这个问题却把它列为低严重性并不提供修复时间表。
每次Core Security联系Android安全组要求提供修复时间表的时候都会收到同样的答复。最后一次答复是1月20日意味着这么段时间中都没有补丁。在星期一的时候这家安全公司公布了他们的发现。
这家安全公司建立了一个(概念证明)[1]来展示他们研究结果的有效性。
根据这个漏洞的技术细节一些Android设备在收到一个错误的wpa_supplicant事件后可能会进入拒绝服务状态这些事件让无线驱动和Android平台框架之间的接口有效。
##Google并不着急结束这个问题
Android安全组对于这个问题的放松态度可能是基于这个原因这种拒绝服务状态只发生在扫描节点这一小段时间。
不仅如此,实际上结果也并不严重,因为它会导致设备重启。不存在数据泄漏的风险或是能引起这个问题的攻击,不会吸引攻击者。另一方面,不管怎样都应该提供一个补丁,以减轻任何未来的潜在风险。
Core Security声称在Android 5.0.1及以上版本中没有测试到这个问题他们发现的受影响的设备有运行移动操作系统版本4.4.4的Nexus 5和4运行Android 4.2.2的LG D806和Samsung SM-T310以及4.1.2版本系统的Motorola RAZR HD。
目前减轻影响的方式是尽量不用Wi-Fi直连或者升级到没有漏洞的Android版本。
--------------------------------------------------------------------------------
via:http://news.softpedia.com/news/Bug-In-Wi-Fi-Direct-Android-Implementation-Causes-Denial-of-Service-471299.shtml
本文发布时间:27 Jan 2015, 09:11 GMT
作者:[Ionut Ilascu][a]
译者:[zpl1025](https://github.com/zpl1025)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出
[a]:http://news.softpedia.com/editors/browse/ionut-ilascu
[1]:http://www.coresecurity.com/advisories/android-wifi-direct-denial-service
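Review bot: The sentence carrying CVE-2014-0997 has a typo, "发现了这个下次": "下次" (next time) should be "漏洞" to match the source's "discovered the flaw". In the wpa_supplicant sentence, "这些事件让无线驱动和Android平台框架之间的接口有效" says the events make the interface valid, whereas the source's clause "which makes available the interface" refers to wpa_supplicant providing the interface between the wireless driver and the Android platform framework; suggest making wpa_supplicant the subject, for example "wpa_supplicant提供了无线驱动和Android平台框架之间的接口". "因为它会导致设备重启" reads as if the reboot is the reason the impact is not severe, while the source means the impact is limited to a reboot; "因为它只是导致设备重启" is closer. The link "(概念证明)[1]" has its brackets and parentheses swapped and will not render as a reference link; it should be "[概念证明][1]". The 校对 line still holds the 校对者ID placeholder.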