Linux has had long standing issues with memory leaks. These exposures often give attackers the means to crash devices, create denial of service, and in some cases, extract sensitive data from host devices. A security researcher, Soenke Huster from Germany’s Technical University of Darmstadt, recently reported a buffer overwrite in the Linux Kernel mac80211 Wi-Fi framework. This overwrite could be triggered remotely by misusing WLAN frames. This led to the security team at SUSE to discover 4 more buffer overwrite exposures that could be triggered by specially crafted Wi-Fi beacon frames, for a current total of 5 such issues: https://seclists.org/oss-sec/2022/q4/23
This type of exposure is potentially serious because all an attacker needs to do is broadcast malicious Wi-Fi beacon frames and wait for vulnerable devices to process those frames. Wi-Fi devices are typically in listen mode for beacons, so the attack has a high probability of success. In most public and corporate settings there are no restrictions on bringing in a device that issues Wi-Fi beacons. Most organizations simply don’t monitor their airspace, so they have no way to identify or stop this type of attack.
On the positive side, these latest vulnerabilities have been patched in the applicable versions of Linux. However, in some cases those versions may be used in devices (IoT in particular) that do not have updates that address them, even though their underlying Linux OS has patches available.
In short, finding what devices in your network have the exposure could be tricky and applying the required patches might not be possible in all cases.
So where does that leave organizations running mission critical processes that cannot afford Wi-Fi connected devices (medical, industrial IoT, process control, etc.) to go down? Orchestra’s airspace monitoring and policy enforcement solution, Harmony IoT, provides a practical way to address this and countless other Wi-Fi exposures. Here is how it works:
Harmony IoT passively monitors the airspace for all activity. Any device issuing Wi-Fi beacons is immediately discovered. Harmony IoT simply logs the activity in the case of devices that are authorized to operate in the airspace, and are behaving normally (e.g., sending out normal and not malformed beacon frames). If malformed beacons are detected, Harmony IoT identifies the offending AP device and raises an alert. Harmony IoT also detects and alerts on rogue APs or other unauthorized devices within the monitored airspace. In facilities conducting mission critical processes, monitoring and protecting the airspace are essential to maintaining operational continuity and integrity. For more information, check out our Harmony IoT resources.