A vulnerability in Android’s Wi-Fi Direct functionality has been uncovered by security researchers.
Wi-Fi Direct – the technology that allows two devices (including printers, cameras and PCs) to connect directly via a peer-to-peer Wi-Fi connection without a wireless router – has an issue affecting a number of Android devices. The bug is in the form of a remotely exploitable denial-of-service vulnerability, specifically an uncaught exception, and it affects certain Android devices scanning for other Wi-Fi Direct products.
The Hacker News reports that the vulnerability affects a number of Android devices:
- Nexus 5 – Android 4.4.4
- Nexus 4 – Android 4.4.4
- LG D806 – Android 4.2.2
- Samsung SM-T310 – Android 4.2.2
- Motorola RAZR HD – Android 4.1.2
Core Security first disclosed the security issue to Google on September 26, but the Android Security Team classified the vulnerability as “low severity” and repeatedly explained that they currently have no timeline for releasing a fix, hence today’s public disclosure.
The Register broadly agrees with Google’s classification, given that the vulnerability is limited to short periods of time when the Android device is scanning for Wi-Fi direct devices, as well as geographical proximity: an attacker has to be nearby to send the malformed data to the victim. Even then, “its impact is limited to a reboot.”
Twin Design / Shutterstock.com