Many of the most popular laptops and smartphones in use today could be vulnerable to two major security flaws that could result in identity theft, data exfiltration, business email compromise (BEC) and other risks, they warned The experts.
This is according to cybersecurity researchers at Top10VPN and Mathy Vanhoef, who found two separate vulnerabilities: one tracked as CVE-2023-52160 and another tracked as CVE-2023-52161.
With the latter, a threat actor could join an otherwise protected Wi-Fi network and attack other devices connected to it with malware or information stealers. The first, on the other hand, is found in the default software that Android uses to manage login to wireless networks and allows hackers to create a malicious clone of legitimate networks. If a victim is tricked into joining this malicious clone, their traffic can be hijacked.
Patches available
While the vulnerabilities sound sinister, they are not that easy to exploit. For the first, the target's Wi-Fi client must be configured to not verify the authentication server's certificate. Additionally, the attacker needs to know the SSID of the Wi-Fi network that the victim usually connects to and must be close enough to be able to connect to it.
“One such possible scenario could be when an attacker walks through a company building searching for networks before attacking an employee leaving the office,” the researchers explained.
CVE-2023-52161 was said to affect any network that used a Linux device as a wireless access point.
Most Linux distributions (Debian, Red Hat, SUSE, Ubuntu) have released patches, as has ChromeOS. An Android fix is still pending.
“In the meantime, it is critical that Android users manually configure the CA certificate of any saved enterprise networks to prevent the attack,” Top10VPN said.
Through Hacker News
