Android Wi-Fi Direct bug means hackers can reboot your device

A vulnerability in Android’s Wi-Fi Direct functionality has been uncovered by security researchers.

Wi-Fi Direct – the technology that allows two devices (including printers, cameras and PCs) to connect directly via a peer-to-peer Wi-Fi connection without a wireless router – has an issue affecting a number of Android devices. The bug is in the form of a remotely exploitable denial-of-service vulnerability, specifically an uncaught exception, and it affects certain Android devices scanning for other Wi-Fi Direct products.

“An attacker could send a specially crafted 802.11 Probe Response frame causing the Dalvik subsystem to reboot because of an Unhandle Exception on WiFiMonitor class,” the security advisory explains.

Or, as The Register puts it, “If the attacker sends a malformed wpa_supplicant event, the disclosure states, Android’s WifiP2pDevice class throws an IllegalArgumentException, crashing the device.”

The Hacker News reports that the vulnerability affects a number of Android devices:

  • Nexus 5 – Android 4.4.4
  • Nexus 4 – Android 4.4.4
  • LG D806 – Android 4.2.2
  • Samsung SM-T310 – Android 4.2.2
  • Motorola RAZR HD – Android 4.1.2

Core Security first disclosed the security issue to Google on September 26, but the Android Security Team classified the vulnerability as “low severity” and repeatedly explained that they currently have no timeline for releasing a fix, hence today’s public disclosure.

The Register broadly agrees with Google’s classification, given that the vulnerability is limited to short periods of time when the Android device is scanning for Wi-Fi direct devices, as well as geographical proximity: an attacker has to be nearby to send the malformed data to the victim. Even then, “its impact is limited to a reboot.”

Twin Design /

Author , ESET

  • Maxamillion Mansionhouse III

    Good article.

    One thing I can’t seem to stop from happening to me is my wifi trying to connect to wifi connections other than my own.

    I keep my connections optimizer turned off and already have my wifi off. Also I have turned off the feature that is always scanning for wifi connections.

    All of that but still if I go on the internet near another wifi connection my Galaxy S5 turns on my wifi and tries to connect…

Follow us

Copyright © 2017 ESET, All Rights Reserved.