The issue lies with the Linux driver software for Realtek Wi-Fi chips. A coding error makes it possible for someone within Wi-Fi range to disable or possibly even hijack the device. The attacker won’t need to know your Wi-Fi network password or the network name.
Because most routers and smart-home devices run Linux, and the Android operating system is a variant of Linux, the potential impact of this flaw is huge. We just don’t yet know how huge, because the flaw was discovered only this week, it’s still being studied and no exploit has yet been written for it.
How to protect yourself
There’s not much you can do for now, except to turn off Wi-Fi on your Android phone when you leave the house or office so that random devices along the way can’t interact with you.
Regarding your smart-home devices, routers, and PCs running Linux, that’s trickier. Most of these devices need to have their Wi-Fi radios on all the time. But that means they could be attacked by anyone within range, including from the apartment or house next door, or from the street if you live on lower floors.
A fix to the driver is being worked on, but it will be at least a few days before affected PCs can be updated. It may be weeks before affected smartphones get fixes, and many smart-home and embedded devices may never be updated.
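Before you chase updates, it helps to know whether a given Linux box even loads the affected driver family. The script below is an added example, not code from the article or from the Realtek driver project: it reads the kernel's loaded-module list in `/proc/modules` format (the same columns `lsmod` prints, minus the header) and reports any module belonging to the in-tree RTLWIFI family. The module-name list it matches on (`rtlwifi`, `rtl_pci`, `rtl_usb`, and the chip-specific `rtl8...` modules) is an assumption about the in-tree driver; out-of-tree Realtek drivers are a separate code base and are not covered. The sample input is constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not from the article: inventory check for the RTLWIFI
# kernel-module family on a Linux host.
#
# /proc/modules lines look like:
#   <name> <size> <refcount> <used-by,list,> <state> <address>
# The "used-by" column is "-" when nothing depends on the module.

# list_rtlwifi_modules: read /proc/modules-format text on stdin and print the
# names of loaded modules that belong to the in-tree rtlwifi driver family.
# Assumed naming (not taken from the article): the core "rtlwifi", the bus
# helpers "rtl_pci" / "rtl_usb", and chip modules named "rtl8<digits><letters>".
# Out-of-tree Realtek drivers (r8188eu, r8712u, ...) start with "r8" and are
# deliberately not matched; they are a different code base.
list_rtlwifi_modules() {
    awk '$1 ~ /^(rtlwifi|rtl_pci|rtl_usb|rtl8[0-9]+[a-z]*)$/ { print $1 }'
}

# rtlwifi_loaded: exit 0 if any rtlwifi-family module is present on stdin,
# non-zero otherwise. Usable as a condition in a fleet-check script.
rtlwifi_loaded() {
    [ -n "$(list_rtlwifi_modules)" ]
}

# Constructed sample of a laptop with an RTL8821AE card; the Realtek r8169
# line is a wired Ethernet driver and must NOT be reported.
SAMPLE_MODULES='rtl8821ae 278528 0 - Live 0x0000000000000000
btcoexist 200704 1 rtl8821ae, Live 0x0000000000000000
rtl_pci 32768 1 rtl8821ae, Live 0x0000000000000000
rtlwifi 106496 3 rtl8821ae,btcoexist,rtl_pci, Live 0x0000000000000000
mac80211 1032192 3 rtl8821ae,rtl_pci,rtlwifi, Live 0x0000000000000000
cfg80211 876544 2 rtl8821ae,mac80211, Live 0x0000000000000000
r8169 98304 0 - Live 0x0000000000000000'

# Stand-alone run: check the live kernel when /proc/modules is readable,
# otherwise fall back to the constructed sample so the script still
# demonstrates its output.
if [ -r /proc/modules ]; then
    SRC=/proc/modules
    found=$(list_rtlwifi_modules < "$SRC")
else
    SRC="constructed sample"
    found=$(printf '%s\n' "$SAMPLE_MODULES" | list_rtlwifi_modules)
fi

if [ -n "$found" ]; then
    printf 'rtlwifi-family modules loaded (%s):\n%s\n' "$SRC" "$found"
    printf 'Make sure this host has the patched kernel/driver installed.\n'
else
    printf 'no rtlwifi-family modules loaded (%s)\n' "$SRC"
fi
```

On a real host, `rtlwifi_loaded < /proc/modules` is the one-line form to drop into a configuration-management or fleet-audit check; a hit means the machine is in scope for the driver update, a miss means the Realtek chip (if any) is driven by something else or the radio is absent.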
Too much to handle
The problem isn’t with the Realtek chips themselves, but rather with the RTLWIFI Linux driver written for those chips. A coding oversight lets an attacker create a buffer overflow — i.e., feed the driver more data than it set aside room for, corrupting memory and causing malfunctions — in the Linux kernel simply by broadcasting malicious commands.
This “is an overflow that should be exploitable,” GitHub security engineer Nico Waisman, who found the flaw Monday (Oct. 14), told Ars Technica’s Dan Goodin yesterday (Oct. 17). “Worst-case scenario, [this] is a denial of service; best scenario, you get a shell.”
To translate Waisman’s words, you could use this flaw to crash a device, or possibly get remote system access.
The malicious commands would mess with the Realtek chip’s Wi-Fi Direct functions. Wi-Fi Direct is an integral part of the Wi-Fi protocol that lets two Wi-Fi-enabled devices connect directly without a router or a wireless network. On most devices, including many Android phones, you can’t disable Wi-Fi Direct without turning off Wi-Fi altogether.
What’s the real deal with Realtek?
The real question is how many devices use Realtek Wi-Fi chips. That’s not easy to figure out, but there seem to be millions.
The WikiDevi website lists hundreds of models of devices that use the chips, including PC network cards, wireless routers, USB Wi-Fi dongles and other networking devices made by dozens of brands, including Belkin, D-Link, Huawei, TRENDNet, Netgear and Zyxel.
Google searches reveal Realtek Wi-Fi card drivers for Acer, Asus, Dell, HP, Lenovo and Toshiba, so the network cards seem to be pretty widely used. (We couldn’t find any Realtek drivers for Apple.) There won’t be any problem if the PCs run Windows only, but if you use Linux, make sure you install the latest updates.
But the big question is the exposure of Android phones. We couldn’t figure out if any of the most prominent Android smartphone systems-on-a-chip (SoCs), such as the Qualcomm Snapdragon, Samsung Exynos or MediaTek chips, use Realtek Wi-Fi technology.
Realtek itself makes its own SoCs, but while these seem to be used in several smart TVs and TV set-top boxes, we can’t tell if those SoCs are in any smartphones.