Alert: Two major flaws expose WiFi networks to attack, affects billions of users

Written by Geoff Halstead

Published on September 13, 2024

Reading time: 5 min.

Category: WiFi

Summary

Two major flaws in open-source software could enable bad actors to break into password-protected home and enterprise WiFi networks. The vulnerabilities affecting WiFi networks were published in Top10VPN, with contributions from Mathy Vanhoef, a leading security researcher. The two flaws are separate, but together they open up many home and enterprise WiFi networks to attacks. Specifically, the security vulnerabilities allow for what are known as authentication bypass attacks. These would allow hackers to trick users into connecting to cloned versions of trusted networks, intercept their data, and join the real networks without a password.

  • Approximately 2.3 billion Android users worldwide are at risk from a major flaw in the wpa_supplicant software used by Android devices to connect to password-protected WiFi networks – but particularly users in Enterprise, Small Business and Education environments.
  • The second vulnerability concerns the IWD software and affects home networks. However, it only puts Linux devices at risk, so not as many users will be affected by this flaw. Home users should note, however, that many Smart Home appliances – such as AndroidTV boxes and home hubs – run on Linux.

The Details

CVE-2023-52160: Affects 2.3 billion Android users

The biggest flaw concerns wpa_supplicant v2.10 and lower, which is used by Android devices to connect to password-protected WiFi networks. Additionally, the researchers say that wpa_supplicant is also used to connect to WiFi networks in Linux and ChromeOS devices, so the vulnerabilities are far-reaching. According to the paper, this flaw will only affect devices that aren’t configured properly. However, the researchers add that many Android devices aren’t configured properly. They suspect that 2.3 billion Android users could be affected by this one security flaw.

This vulnerability could allow bad actors to trick users into connecting to cloned versions of trusted networks, intercept their data, and join real networks without a password. The flaw specifically affects devices that are not configured properly, which is a common occurrence among Android devices. While the vulnerability only concerns enterprise networks (WPA2-E or WPA3-E), it still poses a risk due to the widespread use of enterprise networks in businesses and schools, especially in the education sector where ChromeOS devices are prevalent.

The education sector seems particularly at risk since ChromeOS devices are extremely common there. Plus, students may be more likely to be duped by cloned WiFi networks, especially at younger ages. It’s also risky due to the fact that sensitive information is often secured by these enterprise networks.

CVE-2023-52161: Affects Linux and Chrome Devices Widely Used In Businesses, Schools and Enterprise Networks

The second vulnerability concerns the IWD software and affects home networks, and is different in that it allows an adversary to gain full access to an existing protected WiFi network, exposing existing users and devices to attack.

The risks of such an attack, particularly to a small business using this kind of WiFi network, are significant and include:

  • Interception of sensitive data
  • Malware infections
  • Ransomware attacks
  • Business email compromise
  • Password theft

However, it only puts Linux devices at risk, so not as many users will be affected by this flaw. Home users should note, however, that many Smart Home appliances – such as AndroidTV boxes and home hubs – run on Linux.

How can you protect your devices?

Both vulnerabilities were reported to vendors and have been patched, and the fixes are available as part of their public code repositories. The usual advice about updating software and operating systems applies with IWD, as it releases frequent updates. However, the OS you are using will determine how straightforward it is to make sure your devices are secured against the wpa_supplicant vulnerability.

  • ChromeOS users can simply update to the latest version as it has been patched since at least version 118.
  • Linux users, however, are reliant on their distribution providing a patched version of wpa_supplicant. This is not typically done by default, so maintainers will have to ensure the patch is backported into the provided wpa_supplicant version.
  • Android users unfortunately must wait on a new Android security update that includes the wpa_supplicant patch. This can take a long time, from several months up to even years. In the meantime, it’s therefore critical that Android users manually configure the CA certificate of any saved Enterprise networks to prevent the attack.
  • University students and staff connecting to eduroam can also use the CAT tool to securely configure Android. On the latest Android devices, it’s also possible to use Trust-on-First-Use (TOFU) to automatically trust the CA certificate when connecting to the network for the first time.
  • A sensible precaution would also be to clean up any unused WPA2/3 enterprise networks and to toggle off automatic reconnection for any regularly used networks of that type.

Or Protect Your Networking and Data

While all of these steps – and others for good ‘cyber-hygiene’ – are important, they are also typically burdensome and difficult for small business and home users to implement and maintain. All the while, the next vulnerability waiting to be exploited is just around the corner.

This is why most experts recommend, as an additional defense, habitually using a VPN for public WiFi networks. A VPN will at least prevent an attacker from intercepting your internet traffic, as it will be encrypted. However, VPNs themselves have widely known architectural flaws that make them vulnerable to hacking, and only protect your data while in transit.

Faction Networks eliminate the vulnerabilities of VPNs to protect your networking and data easily in a totally decentralized, encrypted Zero Trust Faction Personal Private Network (PPN) visible, accessible and controlled only by you. Faction Pods also enable users to secure smart and dumb devices – like printers, cameras, storage drives, UPS (Uninterruptible Power Supply) – which VPNs and Firewalls cannot protect, by taking them OFF the Internet and into your Faction PPN.
