Security researchers have discovered a bug in WiFi SSID management that could be exploited by hackers to crash Android, Windows, Linux systems or hack them. A user reported that the vulnerability could allow attackers to crash devices or even potentially inject malware into their system by using crafted P2P SSID names. The flaw was discovered by Google Security team. The attack occurs via a malicious wireless peer-to-peer network name, the attack relies in how wpa_supplicant uses SSID information parsed from management frames that create or update P2P peer entries in the list of available networks. The experts explained that the flaw is similar to the Heartbleed bug, with the difference that the wpa_supplicant vulnerability could allow an attacker to access the contents of memory and modify it.
The information provided herein is on "as is" basis, without warranty of any kind.
Mauritian Computer Emergency Response Team (CERT-MU)
National Computer Board
7th Floor, Stratton Court
La Poudriere Street