Researchers in cybersecurity have unearthed two authentication bypass vulnerabilities in open-source Wi-Fi software utilized by Android, Linux, and ChromeOS devices. These flaws could deceive users into connecting to a malicious imitation of a legitimate network or enable attackers to join a trusted network without a password.
Identified as CVE-2023-52160 and CVE-2023-52161, these vulnerabilities emerged during a security assessment of wpa_supplicant and Intel’s iNet Wireless Daemon (IWD), respectively. The security gaps permit attackers to manipulate victims into linking with malevolent duplicates of trusted networks, intercepting their traffic, and accessing secure networks without requiring a password.
CVE-2023-52161 affects IWD versions 2.12 and below and allows unauthorized access to a protected Wi-Fi network, potentially exposing users and devices to threats such as malware infections, data theft, and business email compromise (BEC). CVE-2023-52160 impacts wpa_supplicant versions 2.10 and earlier and poses the more significant risk, as wpa_supplicant is the default software on Android devices for handling wireless network login requests.
Exploiting CVE-2023-52160 requires that the attacker have the SSID of a Wi-Fi network to which the victim previously connected and be in physical proximity to the victim. For instance, an attacker could scan for networks around a company’s building before targeting an employee leaving the office.
Major Linux distributions such as Debian, Red Hat, SUSE, and Ubuntu have issued advisories for these flaws. While the wpa_supplicant issue has been addressed in ChromeOS versions 118 and later, fixes for Android are pending. In the interim, Android users are urged to manually configure the CA certificate of saved enterprise networks to thwart potential attacks.
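
The same CA-certificate check can be automated on Linux hosts that keep saved networks in a wpa_supplicant.conf file. The following is an added example, not code from the researchers or the wpa_supplicant project: it lists enterprise (EAP) network blocks that set neither `ca_cert` nor `ca_path`, using a constructed sample configuration with hypothetical SSIDs and paths.

```python
# Constructed sample configuration; SSIDs and the certificate path are hypothetical.
SAMPLE_CONF = """\
network={
    ssid="CorpNet"
    key_mgmt=WPA-EAP
    eap=PEAP
}
network={
    ssid="CorpNet-Pinned"
    key_mgmt=WPA-EAP
    eap=PEAP
    ca_cert="/etc/ssl/certs/corp-radius-ca.pem"
}
network={
    ssid="HomeWifi"
    psk="example-passphrase"
}
"""

ENTERPRISE_MODES = ("WPA-EAP", "IEEE8021X")  # 802.1X/EAP key management modes

def parse_networks(conf_text):
    """Return one {key: value} dict per network={...} block."""
    networks, current = [], None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.replace(" ", "") == "network={":
            current = {}
        elif line == "}" and current is not None:
            networks.append(current)
            current = None
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)  # values may themselves contain '='
            current[key.strip()] = value.strip().strip('"')
    return networks

def unpinned_enterprise_networks(conf_text):
    """SSIDs of EAP networks that set neither ca_cert nor ca_path."""
    findings = []
    for net in parse_networks(conf_text):
        is_eap = "eap" in net or any(m in net.get("key_mgmt", "") for m in ENTERPRISE_MODES)
        if is_eap and not (net.get("ca_cert") or net.get("ca_path")):
            findings.append(net.get("ssid", "<no ssid>"))
    return findings

if __name__ == "__main__":
    print("no CA certificate set:", unpinned_enterprise_networks(SAMPLE_CONF))
```

A network flagged here accepts the authentication server without validating its certificate, which is the condition the manual CA configuration is meant to close.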