It's 2017 and you can still pwn Android gear with Wi-Fi packets – so get patching now

A security researcher has turned up new ways to silently hijack and infect Android devices via malicious Wi-Fi packets over the air. Scotty Bauer, a Linux kernel developer, described in detail on Monday how he found a bunch of exploitable programming blunders in the qcacld Wi-Fi driver that supports Qualcomm Atheros chipsets. …
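The class of bug the article describes is a driver trusting lengths carried inside an over-the-air frame. The following is an added illustration of that pattern and of the check that closes it; it is not the qcacld code or anything from the researcher's write-up. It uses the real 802.11 beacon layout (12 bytes of fixed fields, then a list of information elements, each a one-byte id, a one-byte length and that many bytes of value), and the sample frames are constructed here, not captured traffic.

```c
/* Bounded walk over 802.11 information elements (IEs).
 * Illustrative example only; not code from the qcacld driver or the article. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define BEACON_FIXED_LEN 12u  /* timestamp(8) + beacon interval(2) + capability(2) */
#define SSID_MAX         32u  /* 802.11 caps an SSID at 32 octets */
#define IE_SSID          0u   /* element id of the SSID IE */

enum parse_result { PARSE_OK = 0, PARSE_TRUNCATED = 1, PARSE_OVERSIZED = 2, PARSE_NOT_FOUND = 3 };

struct ssid { size_t len; uint8_t bytes[SSID_MAX]; };

/* Vulnerable pattern: the per-IE length byte is attacker-controlled (0..255) but
 * is used directly as the copy length into 32 bytes of storage, and the walk never
 * checks that 'len' bytes are actually present in the frame. Only call this on
 * trusted input; on a hostile frame it over-reads and overflows 'out'. */
static enum parse_result extract_ssid_unsafe(const uint8_t *body, size_t body_len, struct ssid *out)
{
    size_t off = BEACON_FIXED_LEN;
    while (off + 2 <= body_len) {
        uint8_t id = body[off], len = body[off + 1];
        if (id == IE_SSID) {
            memcpy(out->bytes, body + off + 2, len); /* no bound on len vs. frame or buffer */
            out->len = len;
            return PARSE_OK;
        }
        off += 2u + len;
    }
    return PARSE_NOT_FOUND;
}

/* Hardened walk: every length is checked against the bytes remaining in the frame
 * before it is trusted, and against the destination capacity before any copy.
 * An IE that claims more than remains is rejected outright, not clamped. */
static enum parse_result extract_ssid_safe(const uint8_t *body, size_t body_len, struct ssid *out)
{
    if (body_len < BEACON_FIXED_LEN)
        return PARSE_TRUNCATED;
    size_t off = BEACON_FIXED_LEN;
    while (off < body_len) {
        size_t remaining = body_len - off;
        if (remaining < 2)              /* not even room for id + len */
            return PARSE_TRUNCATED;
        uint8_t id = body[off], len = body[off + 1];
        if (len > remaining - 2)        /* IE value would run past the end of the frame */
            return PARSE_TRUNCATED;
        if (id == IE_SSID) {
            if (len > SSID_MAX)         /* value is in the frame but too big for our storage */
                return PARSE_OVERSIZED;
            memcpy(out->bytes, body + off + 2, len);
            out->len = len;
            return PARSE_OK;
        }
        off += 2u + len;
    }
    return PARSE_NOT_FOUND;
}

/* Constructed sample frames (not captured traffic). */
static const uint8_t benign_beacon[] = {
    0,0,0,0,0,0,0,0,  0x64,0x00,  0x01,0x04,      /* fixed fields */
    IE_SSID, 3, 'l','a','b',                      /* SSID "lab" */
    1, 8, 0x82,0x84,0x8b,0x96,0x0c,0x12,0x18,0x24 /* supported rates */
};
/* Lies about its SSID length: claims 200 bytes, but only one byte follows. */
static const uint8_t lying_beacon[] = {
    0,0,0,0,0,0,0,0,  0x64,0x00,  0x01,0x04,
    IE_SSID, 200, 'x'
};

static enum parse_result run_benign_safe(void)   { struct ssid s; return extract_ssid_safe(benign_beacon, sizeof benign_beacon, &s); }
static enum parse_result run_benign_unsafe(void) { struct ssid s; return extract_ssid_unsafe(benign_beacon, sizeof benign_beacon, &s); }
static enum parse_result run_lying_safe(void)    { struct ssid s; return extract_ssid_safe(lying_beacon, sizeof lying_beacon, &s); }
static size_t benign_ssid_len(void)              { struct ssid s; extract_ssid_safe(benign_beacon, sizeof benign_beacon, &s); return s.len; }

/* SSID IE whose 40 bytes really are present, but exceed the 32-byte field. */
static enum parse_result run_oversized_safe(void)
{
    uint8_t frame[BEACON_FIXED_LEN + 2 + 40];
    memset(frame, 0, sizeof frame);
    frame[BEACON_FIXED_LEN] = IE_SSID;
    frame[BEACON_FIXED_LEN + 1] = 40;
    memset(frame + BEACON_FIXED_LEN + 2, 'A', 40);
    struct ssid s;
    return extract_ssid_safe(frame, sizeof frame, &s);
}

int main(void)
{
    printf("benign (unsafe parser): %d\n", run_benign_unsafe());
    printf("benign (safe parser):   %d, ssid len %zu\n", run_benign_safe(), benign_ssid_len());
    printf("lying length:           %d (1 = truncated)\n", run_lying_safe());
    printf("oversized ssid:         %d (2 = oversized)\n", run_oversized_safe());
    return 0;
}
```

The two parsers agree on well-formed frames; the difference is only visible on hostile input, which is why a driver that "works" in testing can still be exploitable over the air. Note that the hardened walk rejects a lying frame rather than copying whatever bytes happen to remain, since a clamped copy would still leave the caller with an inconsistent length.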

  1. Anonymous Coward
    Pint

    Nameless

    The write-up is excellent! Well worth the read for anyone operating at the hardware-software interface coal-face.

    1. Khaptain Silver badge

      Re: Nameless

      I'm not at the coalface but found this article interesting too.

      It made an otherwise boring bowl of cereal into a worthwhile read.

      Now I'm off to move over to SIP from ISDN on our telephony system.....

    2. Joe Werner Silver badge

      Re: Nameless

      Yes, good read. I have to admit that it gets repetitive though: shouldn't we be past the buffer overrun exploits? (I know much of my code is not, but I don't share it, it's quite specialized, and probably only useful for three people.... and that includes me, myself and I)

      1. sabroni Silver badge
        Unhappy

        Re: shouldn't we be past the buffer overrun exploits?

        Yes, we really should.

        Thank fuck for Android's super updates system!

        1. dajames

          Re: shouldn't we be past the buffer overrun exploits?

          Thank fuck for Android's super updates system!

          Ah, Irony! We don't use that here.

  2. nagyeger

    Dear Motorola

    please can I have a patch for my phone? Tnx.

    Dear Reg readers... is there ANY brand of <200quid phones that actually provides long term (> 2year) patch support?

    Or, put another way, what are the chances of me ending up with a non-bricked, fully-functional phone if I try installing lineageOS on it?

    1. Michael Habel

      Re: Dear Motorola

      About the same as with those you spend 400+£€$$ on, if you're stupid enough to get a Samsung tablet.

      As to how safe it all is... that is down to a mixture of how well you can read and follow directions off a forum. But, as always, the best place to start is XDA-Developers.

      1. CrazyOldCatMan Silver badge

        Re: Dear Motorola

        But, as always the best place to start is on XDA-Developers

        Indeed. I tend to check there *before* I buy something for that very reason. And it's why my old OnePlus One is running a recent-ish version of LineageOS.

        (As is the OnePlus 3 that's my live in-use phone)

    2. Tim Seventh

      Re: Dear Motorola

      "Dear Reg readers... is there ANY brand of <200quid phones that actually provides long term (> 2year) patch support?"

      Any phone officially supported by lineageOS will likely have longer-term patch support. In terms of <200quid phones, there are a number of brands with phones at that price, like Asus, Sony, LG, Xiaomi, etc. It'll be better to search yourself. If you can't decide, start searching from their second-most to most recently released phone.

      "Or, put another way, what are the chances of me ending up with a non-bricked, fully-functional phone if I try installing lineageOS on it?"

      If you picked a phone from the lineageOS official support list, then you'll have the highest chance of getting a non-bricked, near fully-functional lineageOS rom. Otherwise, if you find your phone on xda-developers with threads of users who have tested the rom, then you'll have the second highest chance of getting a non-bricked, near fully-functional lineageOS / custom rom. If you search around and only find one thread, a video or a website with a lineageOS / custom rom link, unless it gives you clear instructions, it'll have the lowest chance of not bricking your phone OS (if you didn't physically break the phone, you can reflash and try another rom).

      *near fully-functional because some developers will tell you some roms have known-issues.

      Since it sounds like you haven't flashed a lineageOS before, here are a few key tips if you are interested in flashing lineageOS / custom rom.

      - Unlock bootloader - Most OEMs lock your phone so it can only install their rom. Unlocking it is required to install lineageOS and other custom roms. Different phones have different ways to unlock them. Search for them first.

      - Phone driver - some phones require a specific driver to be recognized by a PC before installing/booting a custom recovery. Some phones may need it. Search for them next.

      - Custom recovery - this is a different recovery from the OEM recovery, and it lets you wipe your phone and flash your firmware, lineageOS rom, root manager, and gapps. One well-known custom recovery is twrp recovery. Search for the device-specific custom recovery should it be required.

      - rooting - this is to get admin rights on the phone. LineageOS should now come with it, but you'll need a "root manager" like Magisk to manage your apps' root access. Most root managers need to be flashed in custom recovery, and some need the apk installed afterwards for it to work.

      - gapps - this is a Google apps bundle. The bundle is device-CPU specific and will not flash if you downloaded the wrong one. The bare minimum is gapps pico. This is optional for lineageOS, but you might need it if you use Google apps and apps that depend on Google APIs.

      - backups - if you haven't backed up before flashing lineageOS, well... do it now. Google backup only goes so far in terms of phone backup, so do test the backups before wiping the phone.

      tl;dr research lineageOS rom ahead to ensure no phone brick.

      1. Anonymous Coward
        Anonymous Coward

        Re: tl;dr research lineageOS rom ahead to ensure no phone brick.

        But if I want to buy a new/recent phone, how will I know whether lineageOS will eventually support it? There are (eg) lots of Moto phones supported atm, but if I decide to buy a G5 it looks as if I'll just have to buy and hope! AFAICS each different generation seems to have a randomly chosen chipset/cpu, so it's not even like I can say "ah, the G5 seems to have a similar chipset to the G4, so it's a good bet I'll be ok".

    3. Anonymous Coward
      Anonymous Coward

      Re: Dear Motorola

      No, you have to spend money to get support. Software support is expensive (but you could argue they are getting the OS for free and should have diverted savings to software support)

      Nexus

      Pixel

      Nokia

      Premium Sony (not the mid range)

      Essential

      These all get monthly or bi-monthly patches.

      1. big_D Silver badge

        Re: Dear Motorola

        @AC except not Nexus or Pixel, they only guarantee updates for 2 years and security updates for a further year. Better than most, but still not good.

        That said, at least when they are still supported, they get the updates promptly.

        1. ranger

          Re: Dear Motorola

          Does anyone know if there's ever been an attempt to force long term support through consumer rights? Could security bugs be classed as a defective product, giving (in theory) six years to claim. I don't know if there's any actual legal grounds for it, but it would be interesting to pursue, and would have the added benefit of making electronics firms take security seriously.

    4. Dr Mantis Toboggan
      FAIL

      Re: Dear Motorola

      Nope, this is something YOU needed to have considered at time of purchase, it's entirely your fault for putting other features or price above support, and you can't change your priorities now

      1. big_D Silver badge

        Re: Dear Motorola

        @Dr Mantis Toboggan, price has nothing to do with it. Even the Samsung Galaxy devices we have, which are premium devices, lag seriously behind.

        None of the devices we have, have received Oreo yet and the "best" devices have a patch level from Nougat August 2017... That's 3 months of patches out of date, including no KRACK patch.

      2. Jamie Jones Silver badge

        Re: Dear Motorola

        Dr Toboggan, ahhh with an attitude like that, I assume you don't enjoy the proper consumer rights laws we have in Europe..

        Don't worry though, the Brexiters have ensured we'll all be back to your level of expectancy! Trump advisors have admitted as much!

    5. Anonymous Coward
      Anonymous Coward

      Re: Dear Motorola

      "is there ANY brand of <200quid phones that actually provides long term (> 2year) patch support?"

      Well, depending on how you want to interpret "ANY", there is, well, was. I bought my Microsoft 640XL for £122 at the end of June 2015. It got its last feature update in April 2017. It will continue to get monthly support patches till 11th June 2019. So monthly patches for a couple of weeks under 4 years.

      Microsoft managed to cock up a lot of things with their phone offering but they got the patching side right.

    6. phuzz Silver badge

      Re: Dear Motorola

      To save you the bother of searching, here is LineageOS's officially supported devices list. Of course, you still have to go through that list to see if there are any phones on it that fit your criteria.

    7. Ken Hagan Gold badge

      Re: Dear Motorola

      Amazon will sell you a used Samsung S5 in good nick for considerably less than 200 quid. (Other tat-vendors are available...) The S5 is one of the most widely used phones with Lineage (https://www.lineageoslog.com/statistics) so it won't just be you if something goes wrong. You don't have to root the phone (https://wiki.lineageos.org/devices/klte/install). If you are particularly doubtful of the procedure, you could try it on an even older phone. The S4 Mini is about a third of the price and also works OK.

      I'm citing these two Samsungs because I've actually done it with them. (I haven't looked back.) It shouldn't be taken as an endorsement of Samsung. (I put Lineage on because Samsung's support was so crap.) A glance at the stats will show that other brands also have thousands of users out there and your current handset may even be among them.

      Edit: If you do switch, give some thought to how you will transfer things like address books and saved media/messages/etc. Mostly these aren't terribly difficult as long as you plan ahead but are obviously nigh-on impossible after you've nuked the old contents of your storage. :)

  3. Anonymous Coward
    Anonymous Coward

    Yep patched

    All android devices in our house fully patched, painless job done.

    1. Anonymous Coward
      Anonymous Coward

      Re: Yep patched

      Another happy Apple user.

    2. Anonymous Coward
      Anonymous Coward

      Re: painless job done

      a job in sales?

    3. Anonymous Coward
      Anonymous Coward

      Re: All android devices in our house fully patched, painless job done.

      Well indeed - as are all our devices up to date with the latest patches. It's just unfortunate that some of those "latest patches" date back to several years ago.

  4. Hans 1
    WTF?

    Dear Samsung, dear LG, dear Archos, where are my KRACK patches ?

    1. sabroni Silver badge
      FAIL

      Ask Google, they're the ones who thought an update mechanism would be too tricky to implement.

  5. Martin hepworth

    Patch availability

    Patching my Android device, yeah right.

    It's getting better with any Oreo or later devices, but even OnePlus have been really lax in getting these out, so I don't expect any big improvement soon unless you're dropping big ££$$ on Google's native kit.

  6. RyokuMas
    Joke

    It's 2017...

    ... and El Reg have swapped "Windows" for "Android" in their "you can still pwn [placeholder]" title generator...

  7. Anonymous Coward
    Anonymous Coward

    "This frame reports only one byte remaining after it's fixed fields.\n"

    I'd raise a CVE for the misplaced apostrophe to be honest. I'm just trying to come up with a suitable logo.

    1. Uncle Slacky Silver badge
      Headmaster

      Re: "This frame reports only one byte remaining after it's fixed fields.\n"

      > I'm just trying to come up with a suitable logo.

      See icon.

    2. Gene Cash Silver badge

      Re: "This frame reports only one byte remaining after it's fixed fields.\n"

      From the end of the article: "He's also asked that the flaws he finds not be named or branded with a logo"

      Kudos to him.

    3. Anonymous Coward
      Thumb Up

      Re: "This frame reports only one byte remaining after it's fixed fields.\n"

      Well the name, at least, is obvious: Apostrophail.

  8. Starace

    Useless patch model

    If only someone had the foresight to engineer a system where signed driver and system patches could be applied to existing devices, without needing to affect any OEM specific bits.

    I mean you'd think by this stage some sort of proper update system might have been added, it's not like they haven't existed for years.

    Though I guess if forced obsolescence is your goal this isn't exactly a priority.

    1. Hans 1

      Re: Useless patch model

      We need a FSF phone OS that works on all phones => problem solved. Ideally, the system would have some sort of hardware detector to activate drivers ... I mean GNU/Linux does it quite nicely, we need that for phone OS' and I do not care if it is android based, it HAS TO BE FSF so we can apply patches as we see fit ... just like GNU/Linux.

      EDIT: so miffed I originally wrote FFS iso FSF ...
