Wi-Fi Vulnerabilities: Android and Linux Devices at Risk!

Cybersecurity researchers have recently discovered two vulnerabilities in open-source Wi-Fi software (CVE-2023-52161 and CVE-2023-52160) that affect Android, Linux, and ChromeOS devices. Attackers could use these vulnerabilities to trick users into joining a malicious network created to steal their passwords.

In a recent study done in collaboration with Mathy Vanhoef, who has previously discovered Wi-Fi attacks like KRACK, TunnelCrack, and DragonBlood, Top10VPN stated that attackers can use these Wi-Fi vulnerabilities to lure users into connecting to phony copies of reliable networks and intercept their traffic, and to join otherwise secure networks without requiring a password.

Wi-Fi Vulnerabilities: CVE-2023-52161 & CVE-2023-52160

CVE-2023-52161 allows an attacker to enter a secured Wi-Fi network without authorization, leaving users and devices vulnerable to attacks like malware infections, data theft, and business email compromise (BEC). It affects IWD 2.12 and earlier versions.

CVE-2023-52160, on the other hand, impacts wpa_supplicant versions 2.10 and earlier. Because wpa_supplicant is the default software that Android devices use to manage login requests to Wi-Fi networks, it is the more serious of the two issues.

How The Hack Works:

Attackers set up a fake Wi-Fi network pretending to be a trusted one (e.g., “CoffeeShop_Free_Wi-Fi”). Once a device is connected, its traffic is routed through the attacker’s network, enabling data interception. Hackers can initiate “evil twin” attacks where they intercept traffic by cloning a legitimate Wi-Fi network and luring users to connect.

That being said, these Wi-Fi vulnerabilities only affect Wi-Fi clients that aren’t set up correctly to check the authentication server’s certificate. However, any network that makes use of a Linux device as a wireless access point (WAP) is vulnerable to CVE-2023-52161.

To exploit CVE-2023-52160, attackers need the SSID of a Wi-Fi network that the victim has previously connected to. The attacker must also be physically close (within Wi-Fi range) to the victim for it to work.

According to the researchers, one such scenario would be an attacker waiting around a company's building, searching for networks, and targeting employees coming in or going out of the office.

Possible Fix For CVE-2023-52161 & CVE-2023-52160:

Advisories for the two Wi-Fi vulnerabilities have been made available by popular Linux distributions, including Debian, Red Hat, SUSE, and Ubuntu. Additionally, ChromeOS versions 118 and later have fixed the wpa_supplicant issue; however, fixes for Android have not yet been released.

Therefore, in order to prevent the attack, Android users must manually configure the CA certificate of any enterprise networks they have saved, according to Top10VPN.
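
The same check can be automated on Linux clients. The script below is an added example, not code from Top10VPN or the wpa_supplicant project: it audits a wpa_supplicant.conf for enterprise (802.1X) profiles that do not verify the authentication server's certificate. It goes one step beyond the advice above by also flagging profiles that trust a CA but do not pin the server name. The sample configuration, SSIDs and file paths are constructed.

```python
import re

# Constructed sample in wpa_supplicant.conf syntax (not from a real device).
SAMPLE_CONF = """
network={
    ssid="CorpWiFi"
    key_mgmt=WPA-EAP
    eap=PEAP
}
network={
    ssid="CorpWiFi-Pinned"
    key_mgmt=WPA-EAP
    eap=PEAP
    ca_cert="/etc/ssl/certs/corp-radius-ca.pem"
    domain_suffix_match="radius.example.com"
}
network={
    ssid="CorpWiFi-CAOnly"
    eap=TTLS
    ca_cert="/etc/ssl/certs/corp-radius-ca.pem"
}
network={
    ssid="HomeNet"
    key_mgmt=WPA-PSK
}
"""

BLOCK = re.compile(r"^\s*network\s*=\s*\{(.*?)^\s*\}", re.S | re.M)
SETTING = re.compile(r"^\s*(\w+)\s*=\s*(.+?)\s*$", re.M)
# Settings that restrict which server certificate name is accepted.
NAME_CHECKS = ("domain_suffix_match", "domain_match", "altsubject_match", "subject_match")

def audit(conf_text):
    """Return {ssid: finding} for 802.1X profiles that do not fully validate the server."""
    findings = {}
    for body in BLOCK.findall(conf_text):
        # Drop comment lines, then collect the key=value settings of this profile.
        body = "\n".join(l for l in body.splitlines() if not l.lstrip().startswith("#"))
        net = {k: v.strip('"') for k, v in SETTING.findall(body)}
        if "EAP" not in net.get("key_mgmt", "").upper() and "eap" not in net:
            continue  # PSK/open profile: no authentication-server certificate involved
        if not (net.get("ca_cert") or net.get("ca_path")):
            findings[net.get("ssid", "?")] = "no ca_cert/ca_path: server certificate is not verified"
        elif not any(net.get(k) for k in NAME_CHECKS):
            findings[net.get("ssid", "?")] = "CA set but no server-name match configured"
    return findings

if __name__ == "__main__":
    for ssid, issue in audit(SAMPLE_CONF).items():
        print(f"{ssid}: {issue}")
```
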
