Cybersecurity researchers have identified two authentication bypass flaws in the Open source Wi-Fi software present in Android, Linux and ChromeOS devices (or even the fork, ChromeOS Flex), which could trick users into joining a malicious clone of a legitimate network or allow an attacker to join a trusted network without a password.
What are these Wi-Fi vulnerabilities on Android, Linux and ChromeOS operating systems
The vulnerabilities, identified as CVE-2023-52160 and CVE-2023-52161, were discovered during a safety evaluation of wpa_supplicant and the iNet Wireless Daemon (IWD) of Intel, respectively.
The flaws, according to insiders “allow attackers to trick victims into connecting to clones [creati da] attackers from trusted networks and intercept their traffic, and join otherwise secure networks without needing the password“, has declared Top10VPN in new research conducted in collaboration with Mathy Vanhoef, who has previously discovered Wi-Fi attacks such as KRACK, DragonBlood And TunnelCrack.
CVE-2023-52161, in particular, allows an adversary to gain unauthorized access to a protected Wi-Fi network, exposing existing users and devices to potential attacks such as malware infections, data theft and business email compromise (BEC); It should be noted that this vulnerability affects IWD versions 2.12 and earlier, therefore always keep operating systems updated.
On the other hand, CVE-2023-52160 affects wpa_supplicant versions 2.10 and earlier; among other things this is also the more critical flaw of the two, as it is the default software used in Android devices to handle requests to access wireless networks.
That said, it only affects Wi-Fi clients that are not properly configured to verify the authentication server's certificate; CVE-2023-52161, however, covers any network that uses a Linux device as a wireless access point (WAP); Top10VPN shows this in one of its videos uploaded to YouTube.
Successful exploitation of CVE-2023-52160 is based on the assumption that the attacker has the SSID of a Wi-Fi network to which the victim has previously connected; also requires that the cyber criminal and in physical proximity to the victim.
“One possible scenario could be that an attacker circles a company building looking for networks before targeting an employee leaving the office,” the researchers said.
The most important Linux distributions such as Debian (and derivatives such as MX Linux, or Kali for example), Red Hat (and related derivatives), SUSE (with related derivatives) and Ubuntu (adding related derivatives such as ZorinOS, for example) they issued warnings for the two flaws; the wpa_supplicant issue has also been fixed in ChromeOS from versions 118 onwardsbut fixes for Android have yet to be made available.
“In the meantime, it is crucial for Android users to manually configure the CA certificate of any saved corporate network to prevent the attack“said Top10VPN.
In conclusion
Recent vulnerabilities in open-source Wi-Fi software highlight the importance of digital security in an increasingly connected world; therefore users and service providers must be proactive in mitigating these risks by promptly implementing patches and security updates. Collaboration between researchers and developers is essential to identify and resolve these cyber threats.
In the meantime, Android users should take manual measures to protect themselves, demonstrating how crucial an awareness of cybersecurity is in the daily use of devices.
To add the advice of do not connect to nearby free Wi-Fi networks if you think they may be suspicious.
#WiFi #Android #Linux #systems #vulnerability #hackers
