Ali safe says found Android WiFi vulnerability: hackers can remotely attack-vulnerability warning-the black bar safety net

2015-04-23T00:00:00
ID MYHACK58:62201561535
Type myhack58
Reporter 佚名
Modified 2015-04-23T00:00:00

Description

! 1

! Android WiFi vulnerability

Android WiFi vulnerability

Recently, Ali security research labs found that Android system is a major vulnerability, mainly affecting Android WiFi function components wpa_supplicant。 Through this vulnerability, hackers can open the WiFi of Android phone to launch remote attacks, even theft of the phone photos, Contacts and other important information, and therefore the vulnerability is called “WiFi killer”.

It is reported, Google in to the Ali security submitted by the vulnerability details, promptly notify the Android wpa_supplicant the development of components manufacturers. Today morning, the Assembly developer announced that the vulnerability has been fixed.

Ali security research lab recommends that affected Android users as soon as possible to install the Update Patch.

The hacker can remotely on Android mobile phone attack

Ali security research laboratory in the study of the WiFi Protocol found that Android system WiFi function components wpa_supplicant to support the wireless connection authentication of the software there is a buffer overflow, resulting in having WiFi enabled and turned on WLAN Direct Connect the Android device such as mobile phone, tablet, Smart TV, etc., can be remote code execution, which Android 4. 0 and 5.0 and other versions are the most affected.

WLAN Direct Connect is WiFi an additional function, Support Android devices via WiFi direct to transfer photos and files. Most of the configuration there WiFi Android phone will automatically turn on the WLAN Direct Connect feature.

The attacker through the phone's WiFi MAC of the broadcast message, it can capture to its WLAN directly connected to the address i.e. mac address. In the long-range connection to the mobile phone, the attacker only needs to send a segment of malicious code to get execute permissions, and then monitor the phone's Internet traffic. Together with local to mention the right vulnerability,it may be the phone for remote control, via the empty stolen phone photos, Contacts and other important information.

[1] [2] [3] next