CVE-2023-52160 Wi-Fi Vulnerability
Security researchers have uncovered two authentication bypass vulnerabilities in open-source Wi-Fi software used in Android, Linux, and ChromeOS devices. These flaws, identified as CVE-2023-52160 and CVE-2023-52161, were revealed during a security assessment of wpa_supplicant and Intel's iNet Wireless Daemon (IWD), respectively. Exploiting these vulnerabilities could deceive users into unknowingly connecting to fraudulent network clones or enable attackers to join a trusted network without requiring a password. The consequences include potential interception of users' data traffic on malicious network clones and unauthorized access to otherwise secure networks.
The Impact of the CVE-2023-52160 Wi-Fi Vulnerability
CVE-2023-52160 affects wpa_supplicant versions 2.10 and prior. It is also the more pressing of the two flaws because wpa_supplicant is the default software used in Android devices to handle login requests to wireless networks. That said, it only impacts Wi-Fi clients that aren't properly configured to verify the certificate of the authentication server.
Successful exploitation of CVE-2023-52160 requires that the attacker know the SSID of a Wi-Fi network to which the victim has previously connected. It also requires the threat actor to be physically close to the victim. One possible scenario is an attacker walking around a company's building scanning for networks before targeting an employee leaving the office.
The vulnerability CVE-2023-52161 specifically allows an attacker to obtain unauthorized access to a secured Wi-Fi network, putting current users and devices at risk of potential threats, including malware infections, data theft, and business email compromise (BEC). This vulnerability affects IWD versions 2.12 and earlier. CVE-2023-52161 poses a risk to any network utilizing a Linux device as a wireless access point (WAP).
Researchers Urge Companies and Users to Take Measures against Disclosed Exploits
Prominent Linux distributions such as Debian, Red Hat, SUSE, and Ubuntu have issued advisories addressing the two identified flaws. The wpa_supplicant concern has been resolved in ChromeOS versions 118 and beyond. However, fixes for Android are pending. As a precautionary measure, Android users are strongly urged to manually configure the CA certificate for any stored enterprise networks to mitigate potential attacks.
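On Linux clients the same check can be run against wpa_supplicant.conf. The script below is an added example, not code from the researchers or from the wpa_supplicant project: it lists enterprise (EAP) network blocks that have no CA certificate configured and, going one step beyond the advice above, those that set a CA but no server name constraint. The function names and the sample configuration are assumptions constructed for illustration.

```python
import re

# wpa_supplicant.conf keys that constrain the server certificate's name.
NAME_CHECKS = ("domain_suffix_match", "domain_match", "subject_match", "altsubject_match")
# Constructed sample configuration; SSIDs, paths and names are placeholders.
SAMPLE_CONF = """
network={
    ssid="CorpWiFi"
    key_mgmt=WPA-EAP
    eap=PEAP
}
network={
    ssid="CorpWiFi-Pinned"
    key_mgmt=WPA-EAP
    ca_cert="/etc/ssl/certs/example-corp-ca.pem"
    domain_suffix_match="radius.example.com"
}
network={
    ssid="HomeNet"
    key_mgmt=WPA-PSK
}
"""

def parse_networks(text):
    """Return one {key: value} dict per network={...} block."""
    networks = []
    for block in re.finditer(r"^\s*network\s*=\s*\{(.*?)^\s*\}", text, re.S | re.M):
        fields = {}
        for line in map(str.strip, block.group(1).splitlines()):
            if line and not line.startswith("#") and "=" in line:
                key, value = line.split("=", 1)
                fields[key.strip()] = value.strip().strip('"')
        networks.append(fields)
    return networks

def audit(text):
    """Return (ssid, problem) pairs for EAP networks that skip server validation."""
    findings = []
    for net in parse_networks(text):
        uses_eap = "eap" in net or re.search(r"EAP|IEEE8021X", net.get("key_mgmt", ""))
        if not uses_eap:
            continue  # PSK or open network: no authentication server certificate
        if not (net.get("ca_cert") or net.get("ca_path")):
            findings.append((net.get("ssid"), "no CA: server certificate not verified"))
        elif not any(net.get(k) for k in NAME_CHECKS):
            findings.append((net.get("ssid"), "CA set, but no server name constraint"))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE_CONF), sep="\n")
```

To audit a real file, pass its contents to audit() in place of SAMPLE_CONF; every network it reports is one where a cloned access point's certificate would not be rejected.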
Google has confirmed the availability of patches for this vulnerability and has communicated with original equipment manufacturers (OEMs) to implement and distribute the patches to their users. Security experts emphasize the importance of users consistently installing the latest security updates on their devices as a fundamental best practice for ensuring optimal security.