Ali Security finds Android WiFi vulnerability: Hackers can attack remotely

Source: Internet
Author: User

Ali Security Research Laboratory recently found a major vulnerability in the Android system, mainly affecting wpa_supplicant, the Android WiFi component. The vulnerability, known as the "WiFi killer", allows hackers to launch remote attacks on a WiFi-enabled Android phone and even steal important information such as photos and contacts from the phone. It is reported that after Ali Security disclosed the details of the vulnerability to Google, Google promptly informed the developers of the Android system's wpa_supplicant component. Early this morning, the component developer said in a bulletin that the vulnerability had been fixed. Ali Security Research Laboratory recommends that affected Android users install the update patches as soon as possible.


The dangers of Android WiFi vulnerability

Hackers can launch attacks on Android phones from a distance

While studying the WiFi protocol, Ali Security Research Laboratory found a buffer overflow in wpa_supplicant, the Android system's WiFi component (software that supports wireless connection authentication). As a result, Android devices (such as mobile phones, tablets and smart TVs) that have WiFi turned on and Wi-Fi Direct enabled are exposed to remote code execution. Android 4.0, 5.0 and other versions are affected the most.

Wi-Fi Direct is an additional WiFi feature that lets Android devices transfer photos and files directly to each other over a wireless link. Most Android phones with WiFi will automatically turn on the Wi-Fi Direct feature.

An attacker can capture a phone's Wi-Fi Direct address (i.e., its MAC address) from a broadcast message. After connecting to the phone from a distance, the attacker only needs to send malicious code to gain execution privileges and monitor the phone's internet traffic. Combined with the exploitation of a local vulnerability, the attacker can take remote control of the phone and steal photos, contacts and other important information over the air.

Using the "WiFi killer" vulnerability, hackers can launch a remote attack on the phone

In other words, as long as Wi-Fi Direct is turned on on an Android phone, an attacker needs neither physical contact nor access to a common wireless network; using the "WiFi killer" vulnerability is enough to launch malicious attacks and intrusions from a distance.

"In particular, Android phones that have been rooted (with system super-administrator privileges) are more susceptible to remote control by attackers." Ali security experts compared the "WiFi killer" vulnerability to a "gun". He said that by using this "gun", hackers can remotely fire "bullets" such as exploit code and Trojan viruses at an Android user's mobile phone, and can then carry out online monitoring and information theft.

Android phones with "Wi-Fi Direct" on by default are at great risk

The Ali Security Research Laboratory tested 20 models of Android phones, tablets and smart TVs, and found that 8 devices had already turned on the WLAN direct connection function by default before leaving the factory.

Devices that turn on Wi-Fi Direct by default can be remotely attacked as long as WiFi is turned on. Even devices that do not turn on Wi-Fi Direct by default are exposed once the feature has been used, until WiFi or the device is restarted.

"It is very important to turn off the WLAN direct connection function on Android phones," Ali security experts said, calling on every Android manufacturer to turn off the WLAN direct connection function before devices leave the factory, in order to maximize the security of Internet users.

Ali Security recommends four measures against the "WiFi killer"

After discovering the vulnerability, Ali Security Research Laboratory immediately reported the details of the "WiFi killer" vulnerability to Google, and Google promptly informed the developers of the Android system's wpa_supplicant component. Early this morning Beijing time, the component developer announced that the bug had been fixed and thanked the Ali Security Research team (announcement link: http://seclists.org/oss-sec/2015/q2/242?spm=0.0.0.0.anLUMO).

Ali security experts recommend that Android users:

1. Install the latest Android patch as soon as possible to fix the vulnerability;

2. Do not use the Wi-Fi Direct function of the Android phone for file transfer and sharing, and do not scan unfamiliar QR codes or install unfamiliar apps;

3. Turn off the phone's WiFi function in public places and use the mobile network instead;

4. Install Ali Chan Dun or other mobile security software to guard against Trojans and viruses that exploit the vulnerability.

This is the first time a WiFi-related remote attack vulnerability with such a wide impact has been disclosed on Android, and the potential harm is significant. Ali said that Ali Chan Dun can be used to prevent attacks based on the vulnerability. In addition, Ali Money Shield's "WiFi Killer bug fix tool" can quickly detect whether your Android phone has the vulnerability.
