
Critical WiFi vulnerability allows anyone to remotely control or lock Linux devices

A new security flaw has caught the attention of vulnerability testing experts. A recently published report mentions that a severe vulnerability in the Linux operating system could allow a nearby device to use a WiFi signal to lock or compromise the target machine.

The vulnerability resides in the RTLWIFI driver, which provides support for Realtek WiFi chips on Linux devices. If exploited, the flaw causes a buffer overflow in the Linux kernel when a computer with a Realtek chip is within range of a device controlled by a threat actor.

The possible outcomes of exploiting this vulnerability range from an operating system shutdown to full control of the computer by the hacker. The flaw has existed since Linux kernel version 3.10.1, released in 2013, vulnerability testing specialists mentioned.

Nico Waisman, a security engineer at GitHub, claims that this is a severe vulnerability: “The flaw triggers a remote overflow via WiFi in the Linux kernel when using the Realtek driver,” the expert says.

Linux developers announced that the patch to fix the vulnerability, tracked as CVE-2019-17666, will be released over the next few days, or even weeks, after which the update will reach the affected Linux distributions. GitHub’s vulnerability testing expert also mentioned that no proof-of-concept has yet been developed that exploits the flaw to execute malicious code on the exposed device. “We continue to investigate possible methods of exploitation, although it will most likely take a few weeks,” Waisman concluded.

So far, the only technical detail known about the flaw is that it can be exploited when a vulnerable computer is within range of the attacker-controlled device. According to the vulnerability testing experts of the International Institute of Cyber Security (IICS), if the victim’s WiFi is enabled, the hacker will not require any user interaction to exploit the flaw.

Hackers exploit the flaw by abusing a feature known as Absence Notification, built into the WiFi Direct standard, which allows two WiFi devices to connect to the Internet without an access point. To trigger the attack, the hacker would need to add vendor-specific information elements to WiFi beacons; when received by the vulnerable device, these would cause a buffer overflow in the Linux kernel.
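The bug class described above (a fixed-size kernel buffer filled from a vendor-specific information element whose length and entry count arrive over the air) is illustrated here with a constructed example. This is added code, not the RTLWIFI driver's code or the patch; the table layout, the `MAX_SLOTS`/`SLOT_BYTES` capacities, the OUI `00:11:22`, the type byte `0x01` and the sample beacon bodies are all hypothetical. It shows the unchecked copy beside a hardened version that validates both the frame-level IE length and the entry count before copying, and a beacon walker that applies the checks to each vendor-specific IE.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed illustration of the bug class (not the rtlwifi driver's code):
 * a receiver keeps a fixed-capacity table that it fills from a vendor-specific
 * information element (IE) carried in a beacon. Both the IE length byte and the
 * entry count inside it arrive over the air and are therefore attacker-chosen. */
#define IE_VENDOR_SPECIFIC 0xdd
#define MAX_SLOTS  2        /* hypothetical fixed capacity in the receiver's state */
#define SLOT_BYTES 4        /* hypothetical size of one entry */

struct slot_table {
    uint8_t count;
    uint8_t slots[MAX_SLOTS][SLOT_BYTES];
};

/* Vulnerable pattern: trusts the over-the-air count. With count > MAX_SLOTS the
 * memcpy writes past slots[], i.e. a kernel buffer overflow driven by a frame.
 * Kept for contrast only; never call it with an untrusted count. */
static int fill_table_unchecked(struct slot_table *t, const uint8_t *body, size_t body_len)
{
    if (body_len < 1)
        return -1;
    uint8_t count = body[0];
    t->count = count;
    memcpy(t->slots, body + 1, (size_t)count * SLOT_BYTES);  /* no bound on count */
    return count;
}

/* Hardened pattern: the count must fit the table, and the IE must really carry
 * that many entries, so the copy neither overflows nor over-reads. */
static int fill_table_checked(struct slot_table *t, const uint8_t *body, size_t body_len)
{
    if (body_len < 1)
        return -1;
    uint8_t count = body[0];
    if (count > MAX_SLOTS)
        return -1;                                   /* reject (or clamp to MAX_SLOTS) */
    if (body_len < 1 + (size_t)count * SLOT_BYTES)
        return -1;                                   /* IE shorter than it claims */
    t->count = count;
    memcpy(t->slots, body + 1, (size_t)count * SLOT_BYTES);
    return count;
}

/* Walk the tagged parameters of a beacon body: repeated (tag, len, data) triples.
 * Returns the number of vendor-specific IEs accepted, or -1 if an IE's length
 * field runs past the end of the frame; *rejected counts IEs the checked filler refused. */
static int scan_beacon_ies(const uint8_t *ies, size_t len, struct slot_table *t, int *rejected)
{
    size_t off = 0;
    int accepted = 0;
    *rejected = 0;
    while (off + 2 <= len) {
        uint8_t tag = ies[off], ie_len = ies[off + 1];
        if (off + 2 + ie_len > len)
            return -1;                               /* frame-level length check */
        if (tag == IE_VENDOR_SPECIFIC) {
            /* vendor data follows a 3-byte OUI and a 1-byte type */
            if (ie_len >= 4 && fill_table_checked(t, ies + off + 6, ie_len - 4) >= 0)
                accepted++;
            else
                (*rejected)++;
        }
        off += 2 + ie_len;
    }
    return accepted;
}

/* Constructed beacon bodies; OUI 00:11:22 and type 0x01 are placeholders, not a real vendor. */
static const uint8_t beacon_ok[] = {
    0x00, 4, 't', 'e', 's', 't',                                /* SSID IE */
    0xdd, 9, 0x00, 0x11, 0x22, 0x01, 1, 0xaa, 0xbb, 0xcc, 0xdd, /* count 1: fits */
};
static const uint8_t beacon_oversized[] = {
    0x00, 4, 't', 'e', 's', 't',
    0xdd, 9, 0x00, 0x11, 0x22, 0x01, 1, 0xaa, 0xbb, 0xcc, 0xdd,
    0xdd, 25, 0x00, 0x11, 0x22, 0x01, 5,                        /* count 5 > MAX_SLOTS */
    0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
    0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
};
static const uint8_t beacon_truncated[] = {
    0xdd, 40, 0x00, 0x11, 0x22,                                 /* claims 40 bytes, has 3 */
};

int main(void)
{
    struct slot_table t = {0};
    int rej;
    printf("ok:        accepted=%d rejected=%d\n", scan_beacon_ies(beacon_ok, sizeof beacon_ok, &t, &rej), rej);
    printf("oversized: accepted=%d rejected=%d\n", scan_beacon_ies(beacon_oversized, sizeof beacon_oversized, &t, &rej), rej);
    printf("truncated: result=%d\n", scan_beacon_ies(beacon_truncated, sizeof beacon_truncated, &t, &rej));
    /* the unchecked filler is only safe on the well-formed IE (count 1 fits) */
    printf("unchecked on ok IE: %d\n", fill_table_unchecked(&t, beacon_ok + 12, 5));
    return 0;
}
```

The oversized IE passes the frame-level length check (its 25 bytes really are present), so only the entry-count check in `fill_table_checked` stops the 20-byte copy into an 8-byte table; both checks are needed, one against the frame and one against the destination.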

Experts have also reported that the vulnerability cannot be exploited when the vulnerable device’s WiFi is turned off or when a third-party WiFi chip is used, although they note that Android devices using Realtek chips might also be exposed.

The extent of this flaw is still unknown, although the fact that the attack can be carried out wirelessly suggests that it is serious. The cybersecurity community is still waiting for additional feedback from Realtek and Google.
