Skip to content Skip to footer

New Wi-Fi Vulnerabilities Expose Android and Linux Devices to Hackers

researchers have recently discovered two severe in Wi-Fi software used in , Linux, and ChromeOS devices. These flaws could allow attackers to create a fake network that looks legitimate to users and trick them into joining it or even allow attackers to join a trusted network without a password. These have been identified as CVE-2023-52160 and CVE-2023-52161, and they expose users and devices to potential attacks such as infections, data theft, and business email compromise (BEC).

The flaws exist in two software packages, namely wpa_supplicant and Intel's iNet Wireless Daemon (IWD). CVE-2023-52161 impacts IWD versions 2.12 and lower and allows adversaries to gain unauthorized access to a protected Wi-Fi network. On the other hand, CVE-2023-52160 affects wpa_supplicant versions 2.10 and prior. It is the default software used in devices to handle login requests to wireless networks. Although it only affects Wi-Fi clients that aren't correctly configured to verify the authentication server's certificate, it's still the more pressing vulnerability of the two.

To CVE-2023-52160, an attacker must have the SSID of a Wi-Fi network to which the victim has previously connected and be physically close to the victim. CVE-2023-52161 affects any network that uses a Linux device as a wireless access point (WAP). Major Linux distributions like Debian, Red Hat, SUSE, and Ubuntu have released advisories for these two flaws, and the wpa_supplicant issue has also been addressed in ChromeOS from versions 118 and later. However, fixes for are yet to be made available.

Users are advised to manually configure the CA certificate of any saved enterprise networks to prevent the attack. Users must take note of these and take necessary precautions to ensure their devices are secured.

Want to read more? Check out the original article available at The Hacker News!

Read More

Leave a comment

Newsletter Signup

The Grid —
The Matrix Has Me
Big Bear Lake, CA 92315

01010011 01111001 01110011 01110100 01100101 01101101 00100000
01000110 01100001 01101001 01101100 01110101 01110010 01100101

Kid, don't threaten me. There are worse things than death, and uh, I can do all of them.The Plague

Deitasoft © 2024. All Rights Reserved.