A couple of new Wi-Fi authentication bypass vulnerabilities found in open source software could expose many enterprise and home networks to attacks.
The vulnerabilities were discovered by Mathy Vanhoef, a professor at the KU Leuven research university in Belgium, and Heloise Gollier, a student at KU Leuven, in collaboration with VPN testing company Top10VPN. Vanhoef is well known for his research in the field of Wi-Fi security, including for the attacks named KRACK, Dragonblood, and FragAttacks.
The newly disclosed Wi-Fi authentication bypass vulnerabilities have been found in Wpa_supplicant and Intel’s iNet Wireless Daemon (IWD) software.
Wpa_supplicant, which provides support for WPA, WPA2 and WPA3, is present in all Android devices, a majority of Linux devices, and the Chromebook operating system ChromeOS.
The vulnerability identified in Wpa_supplicant, tracked as CVE-2023-52160, can be exploited against users connecting to an enterprise Wi-Fi network. The flaw can allow an attacker to trick a targeted user into connecting to a malicious Wi-Fi network set up to mimic a legitimate enterprise network. The attacker can then intercept the victim’s traffic.
“The vulnerability can be exploited against Wi-Fi clients that are not properly configured to verify the certificate of the authentication server, which unfortunately still often occurs in practice, in particular with ChromeOS, Linux, and Android devices,” the researchers wrote in a paper describing the flaws.
No user interaction is required to exploit the vulnerability. The attacker, however, needs to be in range of the victim and know the SSID of an enterprise network the victim previously connected to.
The security hole found in IWD is tracked as CVE-2023-52161 and it can be exploited to gain access to home or small business Wi-Fi networks. The attacker can abuse the targeted Wi-Fi network for various activities, including to connect to the internet, and attack other devices on the network. An attacker can also intercept sensitive data and deliver malware.
“The vulnerability allows an adversary to skip message 2 and 3 of the 4-way handshake, enabling an adversary to complete the authentication process without knowing the network’s password,” the researchers said.
Impacted vendors have been informed. Google has patched the vulnerability with the release of ChromeOS 118 and Android users should have the fixes soon. A patch is also available for Linux, but it’s up to Linux distributions to deliver it to users. Mitigations are also available.
Related: Recovering Wi-Fi Password via Dragonblood Attack Costs $1 of Computing Power
Related: Mysterious Malware Uses Wi-Fi Scanning to Get Location of Infected Device
Related: Ford Says Wi-Fi Vulnerability Not a Safety Risk to Vehicles
