lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <201409170617.s8H6HB7O004990@sf01web3.securityfocus.com>
Date: Wed, 17 Sep 2014 06:17:11 GMT
From: vuln@...c.org.cn
To: bugtraq@...urityfocus.com
Subject: MIUI Wifi Connection Message Vulnerability

MIUI Wifi Connection Message Vulnerability

I. Summary
Wifi Connection Message is written to a NFC tag, which can be touched by a NFC mobile phone for connecting wireless AP 

automatically. A logic flaw has been found in MIUI that is a Android ROM. The flaw can be used to turn on wifi, with the 

help of "wifihandover"(https://play.google.com/store/apps/details?id=net.endflow.apps.wifiho) or "NFC Tag 

Assistant"&#65288;http://app.mi.com/detail/43940&#65289;.
-----------------------------------------------------------------
II. Description
According to the NFC Wifi Connection Message Specification, construct a message as follow.
D2 17 45 61 70 70 6C 69 63 61 74 69 6F 6E 2F 76
6E 64 2E 77 66 61 2E 77 73 63 10 4A 00 01 10 10
0E 00 3C 10 26 00 01 01 10 45 00 04 55 43 41 53
10 03 00 02 00 20 10 0F 00 02 00 08 10 27 00 10
5B 0F A0 A8 11 2B 5B EF F0 C2 10 3E D6 91 5C B1
10 20 00 06 88 32 9B 57 F1 CC FF FF 00 01 02

Then write the message to NFC tag. For the reason MIUI 5.30&#65288;a Android ROM&#65289;don't process wifi message&#65292;"wifihandover" or 

"NFC Tag Assistant" should be installed in the tested phone. Touch the NFC tag with a smart phone with Samsung GT-I9300

(installed with MIUI 5.30&#65292; an Android ROM), wifi will be turned on automatically, regardless of whether wifi connection 

succeeds or not.
------------------------------------------------------------------
III. Impact
This bug cause wifi connection turned on automatically
------------------------------------------------------------------
IV. Affected
MIUI  4.1.17/5.30 
other versions we don't test.
------------------------------------------------------------------
V. Solution
modify the source codes about Wifi connection message processing strategy.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ