New WiFi vulnerabilities allow attackers to fake and overtake networks

Billions of Android users worldwide could be affected by a new WiFi vulnerability, which hackers may exploit to create clones of WiFi hotspots and intercept data, researchers have found. Another new vulnerability enables unauthorized access to protected home Wi-Fi networks, exposing devices and data.

The first security flaw affects “wpa_supplicant,” an open-source software implementation of wireless network security mechanisms such as WPA (WiFi Protected Access).

WiFi networks using the Enterprise mode of WPA2/3 are at risk, as demonstrated by Simon Migliano from and experienced security researcher Mathy Vanhoef.

“There are 2.3 billion Android users worldwide who could therefore be affected by this vulnerability,” researchers said.

Also, this open-source implementation is found in almost all Linux devices and ChromeOS, used in Chromebooks.

“The wpa_supplicant vulnerability allows a bad actor to trick their victim into automatically connecting to a malicious clone of a trusted WiFi network in order to intercept their traffic. As the attack requires no action by the victim, it’s likely the victim would be unaware they had been targeted,” researchers warn.

All the bad actor needs is the name (the SSID) of an Enterprise WPA2/3 network, which could be easily obtained by walking around a building and scanning.

The flaw affects the implementation of PEAP (Protected Extensible Authentication Protocol), a security protocol used to better secure WiFi networks. Attackers could skip the second phase of authentication when the target device has not been properly configured to verify the authentication server.

Another vulnerability affects Intel’s iNet Wireless Daemon (IWD) platform, a comprehensive connectivity solution for Linux, which is also open source and mostly used in home WiFi networks.

“It affects everyone using IWD as an access point, as the vulnerability does not rely on any misconfiguration,” researchers warn. “It allows an adversary to gain full access to an existing protected WiFi network, exposing existing users and devices to attack.”

The risks include the interception of sensitive data, malware or ransomware infections, email compromise, credential theft, and others.

Both vulnerabilities were reported to vendors and have been patched, and the fixes are available in the vendors' public code repositories. Users should update their software. Unfortunately, Android users must wait for a new Android security update that includes the wpa_supplicant patch.

“In the meantime, it’s critical, therefore, that Android users manually configure the CA certificate of any saved Enterprise networks to prevent the attack.”


prefix 3 months ago
It is "Wi-Fi", not WiFi...
prefix 3 months ago
This is nothing new and it's not just Android. If the client doesn't validate the authentication server, it's no different than connecting to a fake bank website thinking it is yours even though you ignore the giant warning about an untrusted TLS certificate.