  • Linux dodges serious Wi-Fi security exploits

    aum


    What appeared to be one simple Linux Wi-Fi networking security problem was soon revealed to be five different nasty Wi-Fi security problems. Fortunately, the patches are on their way.

     

    You may recall that Linus Torvalds recently added support for Rust in the Linux kernel. One of the big reasons for adding Rust was to put an end to Linux code memory problems.

     

    It can't come soon enough. Recently, five serious Linux Wi-Fi security holes were uncovered.

     

    What did they all have in common? Go ahead, guess. Yes, each and every one was caused by a memory problem because of poorly written C code.

     

    I'm shocked. Shocked, I tell you.

     

    That was the bad news. The good news is they've all been patched.

     

    The first hole was discovered by security researcher Soenke Huster from Germany's Technical University of Darmstadt.

     

    Huster e-mailed leading European Linux distributor SUSE with news that there was a nasty buffer overwrite in the Linux Kernel mac80211 Wi-Fi framework, which could be triggered remotely by misusing WLAN frames.

     

    SUSE, in turn, delegated the issue to the kernel security crew. Huster, an Intel principal engineer, and the mac80211 main architect worked on fixing the problem. They also quickly found multiple other Wi-Fi security holes that could be exploited by an attacker over a Wi-Fi network connection.

     

    Whoops.

     

    So, how bad are these? Bad. As one commenter on the Linux Weekly News (LWN) site, the site for serious Linux users and developers, put it, "Basically, it's just anybody who uses Wi-Fi."

     

    Most of these vulnerabilities were introduced into Linux in the first quarter of 2019. So, they were introduced into the Linux 5.1 and 5.2 kernels.

    That, in turn, means that any Linux distro you're running today is vulnerable to attacks on these holes.

     

    For example, Red Hat Enterprise Linux (RHEL) 8 and 9 could both be successfully attacked. Such an assault would be a nasty one.

     

    The original bug is a buffer overflow flaw labeled CVE-2022-41674. Red Hat reports that this "flaw allow an attacker to crash the system or leak internal kernel information." With a Red Hat Common Vulnerability Scoring System (CVSS) score of 7.3, Red Hat considers it to be of "Moderate Impact."

     

    I think, when you put all the holes together, it's much worse than that. The real nasty piece, as far as I'm concerned, is that these holes are triggered by "Beacon frames." Wi-Fi Access Points (AP) constantly transmit these, so any device scanning for a network will pick them up.

     

    In other words, with a malicious AP, an attacker would automatically attack any Linux device in the area that was scanning for networks. A firewall wouldn't stop it. Neither would a VPN. There's no need to phish the user. Just turn on your laptop or what have you, and, ta-da, instant crash.  

     

    The good news is the patches are in. They were pushed out to the stable kernels on October 13th. The newest, safe Linux kernel is the just-released 5.10.148. Linus Torvalds added them to the forthcoming Linux kernel 6.1. I expect all major Linux distros will have them in place for your working Linux systems by early this week.

     

    Android and Internet of Things (IoT) Linux distros may have more trouble. Their developers often take their own sweet time with patching security problems. Ironically, many of these distros may be safe because they're using kernels that are too old to be affected by this security hole. Specifically, phones running Android 12 or earlier are safe.

     

    Brand new devices with Android 13, however, are another story. These include flagship phones such as the Google Pixel 4 and newer; Asus Zenfone 8; and the Samsung S22, S21, and S20. The good news is that all major companies are much better at updating their operating systems than second-tier smartphone vendors. With luck, no one will get to experience their phone crashing simply because some jerk is getting giggles from running a trouble-making Wi-Fi AP.

     
