Some Androids can be HOSED by WiFi Direct vuln

Google, which has been criticised by Microsoft for recent bug disclosures, is now downplaying a bug of its own. Core Security reckons there's a bug in the Android implementation of WiFi Direct, which if exploited would let an attacker force a reboot of a device. Google, however, isn't convinced it's critical, and isn't showing …

  1. Ragequit

    It would be quite annoying...

    If this attack could be chained continuously making the device reboot over and over. However, simply disabling wifi when you're not using it would effectively mitigate this. I'm not sure how often wifi direct would query for devices but I imagine that is somewhat implementation specific due to the concerns of battery life. Of course that doesn't help if you're actually using wifi.

    Though I suppose the reason Google declines to fix it is because their own devices can just be updated to 5.0. And once again getting others to update the stack is hard due to the nature of the android beast.

    1. Charles 9

      Re: It would be quite annoying...

      There's also the matter of having to use Wi-Fi Direct mode, which isn't the norm (AP mode is the norm).

      1. big_D Silver badge

        Re: It would be quite annoying...

        True, but some roles, such as mobile auditors with tablets and mobile printers, who have to print out an audit sheet at the end of their analysis of a laboratory, farm, food processing plant etc. would be in that mode very often. Get the timing right and you might be able to corrupt the audit information, for example.

        1. Charlie Clark Silver badge

          Re: It would be quite annoying...

          @big_D apart from the fact that you may be speaking from experience, the example is hardly an every day occurrence. But you're only speculating that the audit could be corrupted (unusably as opposed to manipulated) and I'm sure there are other methods out there which could reliably achieve the same effect: the right kind of EMP, for example.

          1. big_D Silver badge

            Re: It would be quite annoying...

            @Charly true, it is just a hypothesis that the data could be corrupted, if the timing was right. That would need to be tested, but if the software is in the middle of writing the analysis when the user starts searching for the printer, it would be possible. But you'd need a lot of testing to prove it one way or another. But it was the first example I could think of.

            And yes, limited audience, around 20 - 30,000 users worldwide. But, again, that is just one scenario where WiFi Direct is used several times a day by each user.

            1. Charlie Clark Silver badge

              Re: It would be quite annoying...

              @big_D I see you've been here so long you've adopted the German spelling of my name… :-D

              If only transferring the data to the printer is the problem then this really isn't anything to worry about: it fails a couple of times so the report can be provided electronically or printed later. I'm sure you know that physical access to devices is a bigger problem so strong, hardware encryption of data on the device is more important.

              1. big_D Silver badge

                Re: It would be quite annoying...

                Oops, sorry, didn't notice the misspelling.

                I was thinking more the app was writing its results to the database as the WiFi Direct forces the reboot.

                But as we seem to agree upon, it is fairly unlikely, although not impossible - and as you say, there are other, more serious problems to contend with.

    2. Tom 35

      Re: It would be quite annoying...

      I think it's more the carriers than Google. The only upgrades they are interested in are ones that come with a new contract (that is, upgrade to a new phone). I have never received an upgrade for any phone I bought from a carrier; even when newer phones were being sold with newer software, they didn't offer upgrades for the older phones. I had to find a debranding tool so I could install the factory update.

      I just hope Google produce another Nexus 4 size phone.

      1. big_D Silver badge

        Re: It would be quite annoying...

        @Tom 35 and that is why I haven't bought a carrier locked phone for the last 8 years. I always buy my smartphone unlocked, then look for the carrier with the best deal.

      2. Tom 13

        Re: I think it's more the carriers than Google.

        Nope, the article clearly states this vulnerability is currently in Google's wheelhouse. The carriers only muck things up after Google have fixed it.

        But, unlike the MS exploits, you can't grouse that Google are artificially downplaying this vulnerability. The user has to activate a specific functionality which is then both time and space limited and only reboots the device. If someone comes up with a way to chain it to something else, Google might then upgrade the importance of this vulnerability.

  2. Jeff Lewis

    See, there's the difference between Google and Microsoft.

    Microsoft wants to fix bugs that potentially impact over a billion users across several versions of their OS, so asks for secrecy while they try to fix it, but sometimes can't get it done in 90 days.

    Google on the other hand doesn't care if anyone reveals if there's a bug someone can exploit - because they have no intention of fixing any bugs other than in the most recent version of their OS.

    1. Anonymous Coward

      Not sure why that was downvoted

      I'm certainly no fan of Microsoft, but Google has effectively orphaned all Android 4.3 and earlier devices with their decision not to fix a very critical bug in the default browser. They can't put this down to the OEMs not doing it - they stated last week it would not be fixed and the solution is to use Chrome.

      Yeah, like all billion or whatever Android <= 4.3 users will download Chrome to keep themselves safe. Should Microsoft tell people to use Firefox next time there's a critical IE bug?

      1. Paul Shirley

        Re: Not sure why that was downvoted

        "Should Microsoft tell people to use Firefox next time there's a critical IE bug?"

        Yes, if they cared about their customers more than their customers wallets.

      2. BristolBachelor Gold badge
        Trollface

        Re: Not sure why that was downvoted @DougS

        Hasn't MS just done the same though? Haven't they said that they are not going to fix the security bugs in IE 9 (The default in most corporate PCs), and that the solution is to download another browser?

      3. Charlie Clark Silver badge

        Re: Not sure why that was downvoted

        @DougS

        If it was only the default browser then it would be a piece of piss to replace it and nothing to worry about. Unfortunately, it's in the WebKitView which is used by lots of applications on affected devices. Similar things have happened in Windows: the browser was updated but the MSHTML component in, say Outlook, wasn't and thus remained vulnerable.

        Google is only liable where it directly provided the OS to a user, or is contractually obliged by a manufacturer or network operator. This is legally a big difference. As there is a solution: upgrade the OS or simply swap out the components I think Google is pretty safe. But it might be worth having a few test cases.

        Of course, one of the ironies resulting from the parlous state of Android updates (though no doubt much better than several years ago) is that Google is becoming more and more like Apple and Microsoft by exercising more and more control of the OS through PlayStore Services and licensing terms.

      4. John Brown (no body) Silver badge

        Re: Not sure why that was downvoted

        "Google has effectively orphaned all Android 4.3 and earlier devices with their decision not to fix a very critical bug in the default browser."

        Although I agree with the thrust of your post, I wonder if Google triage the bug reports based on the likelihood of the fix ever reaching the users. The vast majority of Android users are on "branded and locked" versions from carriers or device makers and won't ever be updated even if Google spend the time and money to fix them.

        Having said that, Google made a rod for their own backs in the basic design of android and its contracts with device builders/suppliers who were allowed to block system updates other than from themselves.

        Maybe in later versions they will design the system so that system libraries, core OS, Kernel etc can be updated without screwing with the carrier/supplier branding and apps.

        Well, we can but dream :-(

    2. revdjenk

      @Jeff Lewis

      Again, as the OP said, one has to be searching for wifi devices, and someone else on that network has that brief moment to inject themselves into the other phone. And the damage? Reboot!

      Microsoft has "rebooted" many relationships with partners and written out third-party vendors by adding their own apps and extensions. They spent much time and resources on giving their own programs the inside track, and slowed or restricted others from these same connections.

      They did all this instead of writing in better security, interoperability and using established standards.

    3. RyokuMas

      @Jeff Lewis - it's worse than that. With Microsoft, once the bug is patched (or they think they've got it patched), as long as you've got autoupdate switched on, your PC will update and fix the bug on the next Patch Tuesday.

      Whereas - and correct me if I'm wrong here - even if/when Google patch an Android bug, you're still at the mercy of your telco rolling out the update... if I understand the situation correctly!

      1. cambsukguy

        > Whereas - and correct me if I'm wrong here - even if/when Google patch an Android bug, you're still at the mercy of your telco rolling out the update... if I understand the situation correctly!

        Well, to be fair, one is a system connected directly to the software vendor and the other is a cellphone connected to an operator.

        WinPhones don't get bugs in the OS fixed every patch Tuesday although I suppose the browser might be thought of as an app (it looks and acts like one). However, I have never had a browser 'app' update and I get three or four updates per week, sometimes per day.

        Of course, most updates on PCs are security updates and WinPhones are not really in need of such things because of sandboxing and the fact that they are difficult to target and are not much of a target to begin with.

        Still, it would be interesting if a massive security flaw were discovered that required an OS update whether one would be rushed out and the rolling update system compressed to make it faster.

        Especially since there is an ongoing OS rollout at the moment.

        1. I ain't Spartacus Gold badge

          As I understand it though, all users of Windows Phone can get updates. They may not roll them out all at once to every handset, they've got rather a long schedule sometimes, but at least all handsets can potentially be updated by Microsoft.

          Whereas I've been in a situation with an Android handset where the manufacturer were now selling it on a later version, but there was no update ever offered for the ones they'd already sold on the previous one.

          1. Charlie Clark Silver badge

            > Whereas I've been in a situation with an Android handset where the manufacturer were now selling it on a later version, but there was no update ever offered for the ones they'd already sold on the previous one.

            Depending on the timescale that's where your statutory rights come into play. In the EU, for example, all devices have a 2-year warranty which certainly covers software updates for known vulnerabilities. In such cases it's not uncommon for companies simply to swap devices. But sometimes they may need a little, er, encouragement to do so. However, nothing to do with Google.

    4. gollux

      Google vs. Microsoft. Consumer Grade product vs. Commercial Grade product.

  3. gollux

    Welcome to the Google's new clothes, get used to seeing wedding tackle flopping about.

    1. Paul Shirley

      Google stopped caring what we think a long time ago. Because they don't care, they feel no embarrassment over disclosure of things they can't be bothered fixing. They're roughly in the place Microsoft reached in the win 8 fiasco but haven't yet spent long enough pissing off customers for a revolt to start.

      But make no mistake, they're firmly in a take it or leave it mindset and making no attempt to disguise it.

      1. RyokuMas

        "They're roughly in the place Microsoft reached in the win 8 fiasco"

        I'd put them nearer the start of the browser-wars era Microsoft ie: right before their arrogance resulted in a legal action that then destroyed a lot of the general public's trust in them.

    2. Teiwaz

      A charming mental image.

      So basically android is bollocks, and google is being a c*nt then.

      Does anybody know of any serious issues with ChromeOS so we can round this out?

      1. big_D Silver badge

        Re: A charming mental image.

        @Teiwaz last week there were a bunch of "older than 90 days" bugs fixed in Chrome - funny though, Google didn't shame the Chrome team at 90 days, they just included the information in the release notes at 120 days or so...

        1. Anonymous Coward

          Re: A charming mental image.

          And how many of them had serious security implications?

          Or are you deceiving deliberately?

      2. BristolBachelor Gold badge
        Facepalm

        Re: A charming mental image.

        "So basically android is bollocks, and google is being a c*nt then."

        Android is pretty good IMHO, however, you are spot on with point 2.

        As an aside, this bug would not be possible on an iDevice - no WiFi Direct. If you shoot a video of your friends kid on your phone and try to transfer it to him, you are met with:

        "What's WiFi Direct? My iPhone doesn't have that."

        "OK, so you have copied the video to your NAS over WiFi, how do I connect to that with an iPhone?"

        Me: How about transfer by Bluetooth? - "No, only Bluetooth works for headphones."

        "OK, tell you what, you'll have to email it to me." so that the video is sent all around the world to get from one phone to the one 2cm from it.

        1. VinceH

          Re: A charming mental image.

          "Android is pretty good IMHO, however, you are spot on with point 2."

          Agreed, 100%.

          "As an aside, this bug would not be possible on an iDevice - no WiFi Direct."

          Don't worry - Apple will probably invent it for the next iteration of iPhone, (call it iBeam, perhaps?) though it probably won't be compatible with anything they don't control.

  4. Crisp
    Trollface

    BRB, Setting up wifi network...

    What?

  5. sabroni Silver badge
    Facepalm

    throws an IllegalArgumentException, crashing the device

    Really? Might want to try catching that then, instead of letting it crash the device. FFS.

    1. cambsukguy

      Re: throws an IllegalArgumentException, crashing the device

      Well, obviously, that is what the bug is.

    2. Crazy Operations Guy

      Re: throws an IllegalArgumentException, crashing the device

      The problem is that whoever coded that bit forgot the first rule of machine-to-machine programming: never trust the data coming in to be correct and uncorrupted.

      You should always operate under the assumption that the data is broken until you run it through a series of routines to verify that it is correct and to have a method of bailing out safely at any point.
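The principle in that comment, as an added Java example (not the article's or Android's own code): a hypothetical parser for a constructed peer-discovery event line, first written to trust the peer so that a malformed line escapes as an unchecked exception, then rewritten to check every field and bail out safely. The class name, event format and sample input are all assumed for illustration.

```java
import java.util.Optional;
// Hypothetical handler for a peer-discovery event line of the constructed form
//   "DEVICE-FOUND <mac> name=<name> type=<hex>"
// received from a peer over the air, i.e. attacker-controlled input.
public class PeerEventParser {
    record Peer(String mac, String name, int type) {}

    // Version 1: parses on trust. Any malformed line surfaces as an unchecked
    // exception (IllegalArgumentException, ArrayIndexOutOfBoundsException,
    // NumberFormatException). Left uncaught in a long-lived service thread,
    // that exception ends the service instead of just dropping the bad event.
    static Peer parseTrusting(String line) {
        String[] tok = line.split(" ");
        if (!tok[0].equals("DEVICE-FOUND")) throw new IllegalArgumentException("bad event: " + line);
        String name = tok[2].substring(5);                      // AIOOBE if fields are missing
        int type = Integer.parseInt(tok[3].substring(5), 16);   // NFE on junk
        return new Peer(tok[1], name, type);
    }

    // Version 2: every assumption about the input is checked before it is used,
    // and the caller gets Optional.empty() instead of an exception.
    static Optional<Peer> parseDefensively(String line) {
        if (line == null || line.length() > 256) return Optional.empty();
        String[] tok = line.split(" ");
        if (tok.length != 4 || !tok[0].equals("DEVICE-FOUND")) return Optional.empty();
        if (!tok[1].matches("([0-9a-f]{2}:){5}[0-9a-f]{2}")) return Optional.empty();
        if (!tok[2].startsWith("name=") || !tok[3].startsWith("type=")) return Optional.empty();
        String name = tok[2].substring(5);
        if (name.isEmpty() || name.length() > 32) return Optional.empty();
        try {
            return Optional.of(new Peer(tok[1], name, Integer.parseInt(tok[3].substring(5), 16)));
        } catch (NumberFormatException e) {
            return Optional.empty();
        }
    }

    public static void main(String[] args) {
        String[] events = {                                     // constructed sample input
            "DEVICE-FOUND 02:11:22:33:44:55 name=printer type=0003",
            "DEVICE-FOUND 02:11:22:33:44:66 name=",             // empty name, no type
            "DEVICE-FOUND 02:11:22:33:44:77 name=x type=zz",    // junk type
            "DEVICE-FOUND" };                                   // truncated
        int accepted = 0;
        for (String ev : events) {                              // event-loop shape: a bad frame is
            if (parseDefensively(ev).isPresent()) accepted++;   // logged and dropped, the loop goes on
            else System.err.println("dropped malformed event: " + ev);
        }
        System.out.println("accepted " + accepted + " of " + events.length);
    }
}
```

Calling parseTrusting on the truncated line instead would end the loop with an uncaught exception, which is the failure mode the comment is describing.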
