by nisa 1344 days ago
Could someone more knowledgeable than me comment on whether this is as bad as it looks?

As I understood the issues, this will probably be lots of "fun". You can broadcast the pcap files with any monitor-mode-capable wifi router. Luckily it's 5.1+, so most devices run very old vendor-patched kernels and are probably not affected, but at least for causing havoc this is really bad. As one issue is using beacon frames, just a scan for networks should be enough for a crash. So you can at least crash, and maybe exploit, any device running recent Linux that scans for wifi networks.

I'm not sure how it's possible to do over the air remote code execution but I guess people are working on this.

I found the vulnerabilities, but am no expert on the Wifi stack.

DoSing is now "easy", as you say: just send those frames, and a Linux computer that is currently listening to the network (e.g. scanning for networks) and thus processes the beacon frames will at least crash. It might be the case that some wifi chips will filter those invalid frames or crash themselves; that depends on the actual hardware / firmware.

The victim does not need to be connected to a malicious AP or similar, so there is no requirement for tricking a user into something.

RCE is not trivial at all, but due to the nature of the different faults, it might be possible. See, for example, Mathy Vanhoef, who discovered several impressive Wifi vulnerabilities in the past:

https://twitter.com/vanhoefm/status/1580675615992451072
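Both comments turn on the same point: a device that merely scans for networks parses every beacon frame it hears, so a malformed frame can crash it. The parser below is an added example, not code from the thread or from the Linux wifi stack, showing the defensive bounds checking a beacon receiver needs. It uses only the standard 802.11 beacon layout (8-byte timestamp, 2-byte beacon interval, 2-byte capability field, then a list of id/length/data information elements); the two sample frames are constructed for the example, and the function and exception names are my own.

```python
"""Bounds-checked parsing of the information elements (IEs) in an
802.11 beacon frame body.  Added example, not code from the thread.

Beacon body layout: timestamp (8 bytes) | beacon interval (2) |
capability info (2) | then TLV elements: id (1) | length (1) | data.
"""
import struct
from typing import Optional

FIXED_PARAMS_LEN = 8 + 2 + 2  # timestamp + interval + capability


class MalformedBeacon(ValueError):
    """Frame must be dropped rather than processed any further."""


def parse_beacon_ies(body: bytes) -> dict:
    """Parse the beacon body, refusing any element that would read past
    the end of the buffer instead of trusting its length byte."""
    if len(body) < FIXED_PARAMS_LEN:
        raise MalformedBeacon("frame body shorter than fixed parameters")
    timestamp, interval, capability = struct.unpack_from("<QHH", body, 0)
    ies = []
    off = FIXED_PARAMS_LEN
    while off < len(body):
        # Need both the id byte and the length byte before reading them.
        if off + 2 > len(body):
            raise MalformedBeacon(f"element header truncated at offset {off}")
        eid, elen = body[off], body[off + 1]
        # The length byte is attacker-controlled: check it against what
        # actually remains in the frame.
        remaining = len(body) - off - 2
        if elen > remaining:
            raise MalformedBeacon(
                f"element {eid} claims {elen} bytes, only {remaining} remain")
        ies.append((eid, bytes(body[off + 2:off + 2 + elen])))
        off += 2 + elen
    return {"timestamp": timestamp, "interval": interval,
            "capability": capability, "ies": ies}


def ssid_of(parsed: dict) -> Optional[str]:
    """Return the SSID (element id 0) if present."""
    for eid, data in parsed["ies"]:
        if eid == 0:
            return data.decode("utf-8", errors="replace")
    return None


# Constructed sample frames (not captures from the thread).
GOOD_BEACON = (
    struct.pack("<QHH", 0x1234, 100, 0x0411)
    + bytes([0, 7]) + b"TestNet"                         # SSID element
    + bytes([1, 4]) + bytes([0x82, 0x84, 0x8B, 0x96])    # supported rates
)
# Same frame, but the SSID element claims 0x40 bytes that are not present.
TRUNCATED_BEACON = (
    struct.pack("<QHH", 0x1234, 100, 0x0411)
    + bytes([0, 0x40]) + b"TestNet"
)


def check(body: bytes) -> str:
    """Summarise how a receiver should treat the frame."""
    try:
        return f"ok ssid={ssid_of(parse_beacon_ies(body))!r}"
    except MalformedBeacon as exc:
        return f"dropped: {exc}"


if __name__ == "__main__":
    print(check(GOOD_BEACON))        # ok ssid='TestNet'
    print(check(TRUNCATED_BEACON))   # dropped: element 0 claims 64 bytes, only 7 remain
```

The point of the example is the `elen > remaining` check: a parser that copies `elen` bytes on the strength of the length byte alone is exactly the kind of code a scanning client runs on unauthenticated, unsolicited input, which is why the comments above need no malicious AP association for the crash.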