CVE-2024-23704
📋 TL;DR
This vulnerability allows local attackers to bypass the DISALLOW_ADD_WIFI_CONFIG restriction in Android's Settings app, enabling them to add unauthorized WiFi configurations without proper permissions. It affects Android devices where this restriction is enforced, potentially allowing escalation of privilege. No user interaction is required for exploitation.
💻 Affected Systems
- Android
📦 What is this software?
Android by Google
Android by Google
⚠️ Risk & Real-World Impact
Worst Case
An attacker with physical or local access could add malicious WiFi configurations that redirect traffic, intercept communications, or facilitate further attacks on the device.
Likely Case
Malicious apps or users could bypass enterprise WiFi restrictions to connect to unauthorized networks, potentially exposing sensitive data.
If Mitigated
With proper device management and security policies, the impact is limited as the vulnerability requires local access and bypasses only one specific restriction.
🎯 Exploit Status
Exploitation requires local access to the device but no additional privileges. The vulnerability is in the Settings app's WifiDialogActivity.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Android Security Patch Level April 2024 or later
Vendor Advisory: https://source.android.com/security/bulletin/2024-04-01
Restart Required: Yes
Instructions:
1. Apply the April 2024 Android security patch from your device manufacturer. 2. Update the Settings app if available through Google Play. 3. Reboot the device after patching.
🔧 Temporary Workarounds
Disable Settings app modifications
androidRestrict modifications to system settings using device management policies
adb shell pm disable-user --user 0 com.android.settings
Enforce WiFi configuration restrictions
allUse Mobile Device Management (MDM) to enforce strict WiFi configuration policies
🧯 If You Can't Patch
- Implement strict device access controls to prevent unauthorized local access
- Use Mobile Device Management (MDM) solutions to monitor and restrict WiFi configuration changes
🔍 How to Verify
Check if Vulnerable:
Check Android security patch level in Settings > About phone > Android version. If patch level is before April 2024, device is vulnerable.Check Version:
adb shell getprop ro.build.version.security_patchVerify Fix Applied:
Verify security patch level shows 'April 5, 2024' or later in Settings > About phone > Android version.📡 Detection & Monitoring
Log Indicators:
- Unauthorized WiFi configuration attempts in system logs
- Settings app activity related to WiFi configuration without proper permissions
Network Indicators:
- Unexpected WiFi network connections from managed devices
- Devices connecting to unauthorized WiFi networks
SIEM Query:
source="android_system" AND (event="wifi_configuration" OR event="settings_activity") AND user_restricted="true"🔗 References
- https://android.googlesource.com/platform/packages/apps/Settings/+/2e90322bab7de1deaf3c82e207bf4404b92743d7
- https://source.android.com/security/bulletin/2024-04-01
- https://android.googlesource.com/platform/packages/apps/Settings/+/2e90322bab7de1deaf3c82e207bf4404b92743d7
- https://source.android.com/security/bulletin/2024-04-01
