Critical WiFi vulnerability allows anyone to remotely control or lock Linux devices

A new security flaw has caught the attention of vulnerability testing experts. A recently published report mentions that a severe vulnerability in the Linux operating system could allow a nearby device to use a WiFi signal to lock or compromise the target machine.

The vulnerability resides in the RTLWIFI driver, which provides support for Realtek WiFi chips on Linux devices. If exploited, this flaw could cause a buffer overflow in the Linux kernel when a computer with a Realtek chip is within range of a device controlled by a threat actor.

The possible consequences of exploiting this vulnerability range from shutting down the operating system to the attacker taking full control of the computer. The flaw has existed since Linux kernel version 3.10.1, released in 2013, vulnerability testing specialists mentioned.

Nico Waisman, a security engineer at GitHub, claims that this is a severe vulnerability: “The flaw triggers a remote overflow via WiFi in the Linux kernel when using the Realtek driver,” the expert says.

Linux developers announced that the patch fixing the vulnerability, tracked as CVE-2019-17666, will be released in the coming days or weeks, after which the update will reach the affected Linux distributions. GitHub’s vulnerability testing expert also said that no proof-of-concept has yet been developed that exploits the flaw to execute malicious code on the exposed device. “We continue to investigate possible methods of exploitation, although it will most likely take a few weeks,” Waisman concluded.

So far, the only technical details known about the flaw are that it can be exploited when a vulnerable computer is within WiFi range of the attacker-controlled device. According to the experts in vulnerability testing of the International Institute of Cyber Security (IICS), if the victim’s WiFi is enabled, the hacker will not require any user interaction to exploit the flaw.

Hackers exploit the flaw by abusing a feature known as Absence Notification, built into the WiFi Direct standard, which allows two WiFi devices to connect to the Internet without an access point. To trigger the attack, the hacker would need to add vendor-specific information elements to WiFi beacons; when the vulnerable device receives them, they cause a buffer overflow in the Linux kernel.
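The defect class described above, a length or count taken from an attacker-supplied information element and used to fill a fixed-size kernel table without a bounds check, is easiest to see in a parser. The following is an added example written for this article, not code from the rtlwifi driver or the Linux kernel; the IE and attribute layout, the attribute id, the OUI bytes, the 13-byte descriptor size and the table capacity of two are assumptions, simplified from the Wi-Fi Direct Notice of Absence format as I understand it. It shows the three checks a receiver has to make before copying descriptors: the IE length field against the bytes actually present in the frame, the attribute length against the enclosing IE, and the descriptor count against the fixed table. The `build_noa_ie` helper only constructs well-formed sample input so the parser can be exercised offline.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed illustration; layout and constants are assumptions simplified from
 * the Wi-Fi Direct NoA format, not the rtlwifi driver's own structures. */
#define NOA_ATTR_ID   12   /* P2P attribute id for Notice of Absence (assumed) */
#define NOA_DESC_LEN  13   /* count(1) + duration(4) + interval(4) + start(4) */
#define MAX_NOA_DESC  2    /* fixed capacity of the receiver's per-peer table */

static const uint8_t p2p_oui[4] = { 0x50, 0x6f, 0x9a, 0x09 }; /* WFA OUI + P2P type (assumed) */

struct noa_desc { uint8_t count; uint32_t duration, interval, start_time; };
struct noa_info {
    uint8_t index, ctwindow;
    uint8_t num;                         /* valid entries in desc[] */
    struct noa_desc desc[MAX_NOA_DESC];  /* fixed size: the count must be checked first */
};

enum noa_status { NOA_OK = 0, NOA_NOT_FOUND = 1,
                  NOA_ERR_TRUNCATED = -1,   /* a declared length exceeds the bytes present */
                  NOA_ERR_TOO_MANY  = -2,   /* more descriptors than desc[] can hold */
                  NOA_ERR_MALFORMED = -3 };

static uint32_t get_le32(const uint8_t *p) { return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24); }
static void put_le32(uint8_t *p, uint32_t v) { p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24); }

/* attr points at the attribute id byte; avail is what remains of the enclosing IE. */
int parse_noa_attr(const uint8_t *attr, size_t avail, struct noa_info *out)
{
    if (avail < 3 || attr[0] != NOA_ATTR_ID)
        return NOA_ERR_MALFORMED;
    size_t attr_len = (size_t)attr[1] | ((size_t)attr[2] << 8);
    if (attr_len > avail - 3)
        return NOA_ERR_TRUNCATED;    /* declared length vs bytes really present */
    if (attr_len < 2 || (attr_len - 2) % NOA_DESC_LEN != 0)
        return NOA_ERR_MALFORMED;
    size_t n = (attr_len - 2) / NOA_DESC_LEN;
    if (n > MAX_NOA_DESC)
        return NOA_ERR_TOO_MANY;     /* the check that keeps desc[] in bounds */
    memset(out, 0, sizeof *out);
    out->index = attr[3];
    out->ctwindow = attr[4];
    out->num = (uint8_t)n;
    for (size_t i = 0; i < n; i++) {
        const uint8_t *d = attr + 5 + i * NOA_DESC_LEN;
        out->desc[i].count = d[0];
        out->desc[i].duration = get_le32(d + 1);
        out->desc[i].interval = get_le32(d + 5);
        out->desc[i].start_time = get_le32(d + 9);
    }
    return NOA_OK;
}

/* Walk a vendor-specific IE (id 0xDD) and parse the NoA attribute if one is present. */
int parse_p2p_vendor_ie(const uint8_t *ie, size_t ie_total, struct noa_info *out)
{
    if (ie_total < 2 || ie[0] != 0xDD)
        return NOA_ERR_MALFORMED;
    size_t len = ie[1];
    if (len > ie_total - 2)
        return NOA_ERR_TRUNCATED;    /* IE length field vs bytes actually in the frame */
    if (len < 4 || memcmp(ie + 2, p2p_oui, 4) != 0)
        return NOA_NOT_FOUND;
    const uint8_t *p = ie + 6;
    size_t left = len - 4;
    while (left >= 3) {
        size_t attr_len = (size_t)p[1] | ((size_t)p[2] << 8);
        if (attr_len > left - 3)
            return NOA_ERR_TRUNCATED;
        if (p[0] == NOA_ATTR_ID)
            return parse_noa_attr(p, left, out);
        p += 3 + attr_len;
        left -= 3 + attr_len;
    }
    return NOA_NOT_FOUND;
}

/* Build a well-formed constructed IE carrying ndesc descriptors (sample input only). */
size_t build_noa_ie(uint8_t *buf, size_t cap, unsigned ndesc)
{
    size_t attr_len = 2 + (size_t)ndesc * NOA_DESC_LEN;
    size_t total = 2 + 4 + 3 + attr_len;
    if (total > cap || total - 2 > 0xff)
        return 0;
    uint8_t *p = buf;
    *p++ = 0xDD; *p++ = (uint8_t)(total - 2);
    memcpy(p, p2p_oui, 4); p += 4;
    *p++ = NOA_ATTR_ID; *p++ = (uint8_t)(attr_len & 0xff); *p++ = (uint8_t)(attr_len >> 8);
    *p++ = 1; *p++ = 0x0A;           /* index, CTWindow/OppPS byte */
    for (unsigned i = 0; i < ndesc; i++) {
        *p++ = 0xff;                 /* count */
        put_le32(p, 0x1000u * (i + 1)); p += 4;
        put_le32(p, 0x2000u); p += 4;
        put_le32(p, 0x3000u); p += 4;
    }
    return total;
}
```

Feeding the parser an IE with one or two descriptors yields `NOA_OK` and a filled table; an IE declaring three descriptors is refused with `NOA_ERR_TOO_MANY` before anything is written, and an IE whose length field claims more bytes than the frame contains is refused with `NOA_ERR_TRUNCATED`. A parser that derives the descriptor count from the attribute length and then loops over it without the `MAX_NOA_DESC` comparison is the shape of bug the article describes.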

Experts have also reported that the vulnerability cannot be exploited when the vulnerable device’s WiFi is turned off or when third-party WiFi chips are used, although they note that Android devices using Realtek chips might also be exposed.

The full impact of this flaw is still unknown, although the fact that the attack can be carried out wirelessly suggests that it is serious. The cybersecurity community is still waiting for additional feedback from Realtek and Google.