MULTIPLE VULNERABILITIES IN WI-FI ENABLED DEVICES DISCOVERED

A cybersecurity alert was issued yesterday, May 12, 2021, regarding multiple vulnerabilities in Wi-Fi-enabled devices. The vulnerabilities could allow an attacker to exfiltrate user data, which could potentially lead to a breach.

What It Is:

Multiple vulnerabilities have been discovered in Wi-Fi enabled devices, the most severe of which could allow for data exfiltration. IEEE 802.11 is part of the IEEE 802 set of local area network technical standards, and specifies the set of medium access control and physical layer protocols for implementing wireless local area network communication.

Successful exploitation of the most severe of these vulnerabilities could allow an attacker to exfiltrate user data.

Read the original Wi-Fi Alliance Security Update.

Threat Intelligence:

There are currently no reports of these vulnerabilities being exploited in the wild. A proof of concept exists for various vulnerabilities mentioned within this advisory.

Systems Affected:

• Any Wi-Fi enabled device could be vulnerable, please check with the manufacturer of your device(s)

Risk:

Government:

• Large and medium government entities: High
• Small government entities: High

Businesses:

• Large and medium business entities: High
• Small business entities: High

Home users: High

What It Means:

If you and/or your business utilize Wi-Fi enabled devices, you will need to apply the stable channel update provided by the vendor to vulnerable systems immediately following appropriate testing.

Technical Summary:

Multiple vulnerabilities have been discovered in Wi-Fi enabled devices, the most severe of which could allow for data exfiltration. These vulnerabilities can be exploited if a user connects to a rogue access point and is then redirected to or visits a malicious server. Details of the vulnerabilities are as follows:

• A vulnerability exists in the 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) that could allow an attacker to inject arbitrary network packets. (CVE-2020-24588)
• A vulnerability exists in the 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) that could allow an attacker to decrypt selected fragments when another device sends fragmented frames. (CVE-2020-24587)
• A vulnerability exists in the 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) that could allow an attacker to inject arbitrary network packets and/or exfiltrate user data. (CVE-2020-24586)
• A vulnerability exists in Samsung Galaxy S3 i9305 4.4.4 devices that could allow an attacker to inject arbitrary network packets independent of the network configuration. (CVE-2020-26145)
• A vulnerability exists in Samsung Galaxy S3 i9305 4.4.4 devices that could allow an attacker to inject arbitrary network packets independent of the network configuration. (CVE-2020-26144)
• A vulnerability exists in the ALFA Windows 10 driver 6.1316.1209 for AWUS036H that could allow an attacker to inject arbitrary data frames independent of the network configuration. (CVE-2020-26140)
• A vulnerability exists in the ALFA Windows 10 driver 1030.36.604 for AWUS036ACH could allow an attacker to inject arbitrary data frames independent of the network configuration. (CVE-2020-26143)
• A vulnerability exists in the kernel in NetBSD 7.1 that could allow an attacker to launch denial-of-service attacks against connected clients and makes it easier to exploit other vulnerabilities in connected clients. (CVE-2020-26139)
• A vulnerability exists in Samsung Galaxy S3 i9305 4.4.4 devices that could allow an attacker to exfiltrate selected fragments. (CVE-2020-26146)
• A vulnerability exists in the Linux kernel 5.8.9 that could allow an attacker to inject packets and/or exfiltrate selected fragments. (CVE-2020-26147)
• A vulnerability exists in the kernel in OpenBSD 6.6 that could allow an attacker to inject arbitrary network packets, independent of the network configuration. (CVE-2020-26142)
• A vulnerability exists in the ALFA Windows 10 driver 6.1316.1209 for AWUS036H that could allow an attacker to inject and possibly decrypt packets. (CVE-2020-26141)

What To Do:

We recommend the following actions be taken:

• Apply the stable channel update provided by the vendor to vulnerable systems immediately after appropriate testing.
• Remind users not to visit untrusted websites or follow links provided by unknown or untrusted sources.
• Inform and educate users regarding the threats posed by hypertext links contained in emails or attachments especially from untrusted sources.

Negative Consequences of Lost or Stolen Data:

The loss or theft of proprietary data can have severe impacts, particularly if the compromise becomes public and sensitive information is exposed. Possible impacts include:

• Temporary or permanent loss of sensitive or proprietary information.
• Disruption to regular operations.
• Financial losses incurred to restore systems and files.
• Potential harm to an organization’s reputation.

Should your agency or business need assistance with issues arising from vulnerabilities in Wi-Fi enabled devices including updates and/or patches, Dox can help. Please contact Dox if there is anything we can do to assist in securing your agency, business, or organization.

Thank you for your time and stay safe online.