Experts have identified a way to “confuse” your device when it tries to connect to a trusted Wi-Fi network. As a result, the device is connected to a rogue network, where threat actors can spy on network traffic and possibly even steal sensitive information passing through it.
A report from Hacker News found that the IEEE 802.11 Wi-Fi standard is vulnerable to a flaw identified as CVE-2023-52424.
It affects all operating systems and all Wi-Fi clients; home networks and mesh networks are all vulnerable, regardless of whether they are based on WEP, WPA3, 802.1X/EAP or AMPE protocols.
Conditions and prerequisites
The researchers explained that by spoofing a trusted network name (SSID), attackers can essentially “demote” the victim to a less secure network.
“A successful SSID confusion attack also causes any VPN with the functionality to automatically disable on trusted networks to shut down, leaving the victim's traffic exposed,” the researchers added.
CVE-2023-52424 revolves around the idea that SSIDs are not always authenticated and that security measures are activated only when a device requests to join a specific network.
“In our attack, when the victim wants to connect to the TrustedNet network, we trick them into connecting to a different network, WrongNet, that uses similar credentials,” the researchers explained. “As a result, the victim's client will think, and display to the user, that it is connected to TrustedNet, when it is actually connected to WrongNet.”
However, several conditions must be met before the attack can succeed: the victim must want to connect to a trusted network, a separate network with the same authentication credentials must be available, and the attacker must be within range to perform a man-in-the-middle attack between the victim and the trusted network.
The researchers concluded that the simplest way to address SSID confusion attacks is to update the 802.11 Wi-Fi standard.
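The preconditions listed above (a second network that accepts the same credentials, and a VPN that switches off on a "trusted" SSID) can be audited from a network inventory. The following Python is an added example, not code from the researchers or the report; the inventory format, the `credential_id` labels, the `GuestNet` entry and the VPN trusted-SSID list are assumptions constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass

# Authentication modes the article lists as affected.
AFFECTED_AUTH = {"WEP", "WPA3", "802.1X/EAP", "AMPE"}

@dataclass(frozen=True)
class Network:
    ssid: str
    auth: str           # authentication mode as recorded in the inventory
    credential_id: str  # opaque label for the shared secret or realm, never the secret

def find_confusable(networks, vpn_trusted_ssids=()):
    """Flag SSIDs that share credentials with another SSID (the attack's precondition)."""
    by_cred = defaultdict(set)
    for n in networks:
        if n.auth in AFFECTED_AUTH:
            by_cred[(n.auth, n.credential_id)].add(n.ssid)
    findings = []
    for key in sorted(by_cred):
        ssids = by_cred[key]
        if len(ssids) < 2:
            continue  # no second network accepts these credentials
        for ssid in sorted(ssids):
            findings.append({
                "ssid": ssid,
                "auth": key[0],
                "confusable_with": sorted(ssids - {ssid}),
                # True means a client steered here from another SSID would also lose its VPN.
                "vpn_auto_disable": ssid in vpn_trusted_ssids,
            })
    return findings

# Constructed sample inventory (hypothetical values).
INVENTORY = [
    Network("TrustedNet", "802.1X/EAP", "corp-realm"),
    Network("WrongNet", "802.1X/EAP", "corp-realm"),
    Network("GuestNet", "WPA3", "guest-psk"),
]
VPN_TRUSTED = {"TrustedNet"}  # hypothetical VPN policy: auto-disable on these SSIDs

if __name__ == "__main__":
    for f in find_confusable(INVENTORY, VPN_TRUSTED):
        print(f)
```

Giving each SSID its own credentials removes it from the findings, and any entry with `vpn_auto_disable` set is a candidate for dropping the trusted-network exception in the VPN policy.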