276
Two Wi-Fi flaws expose Android, Linux devices to attacks (thehackernews.com)
submitted 8 months ago* (last edited 8 months ago) by Squire1039@lemm.ee to c/technology@lemmy.world
19 comments fedilink hide all child comments

Vulnerabilities:

CVE-2023-52160 (wpa_supplicant) and CVE-2023-52161 (Intel's iNet Wireless Daemon) allow attackers to:

  • Trick users into joining fake Wi-Fi networks: Attackers can create malicious clones of legitimate networks and steal user data.
  • Gain unauthorized access to secure Wi-Fi networks: Attackers can join password-protected networks without needing the password, putting devices and data at risk.

Affected devices:

  • CVE-2023-52160: Android devices using wpa_supplicant versions 2.10 and prior (requires specific configuration).
  • CVE-2023-52161: Linux devices using iNet Wireless Daemon versions 2.12 and lower (any network using a Linux access point).

Mitigation:

  • Update your Linux distribution and ChromeOS (version 118 or later).
  • Android fix not yet available, but manually configure CA certificate for any saved enterprise networks as a temporary workaround.

Exploitation:

  • Attacker needs SSID and physical proximity for CVE-2023-52160.
  • CVE-2023-52161 requires no special knowledge, affecting any vulnerable network.

Links:

you are viewing a single comment's thread
view the rest of the comments
[-] heavy@sh.itjust.works 5 points 8 months ago

Business Email Compromise (BEC)? (╯°□°)╯︵ ┻━┻

[-] Squire1039@lemm.ee 1 points 8 months ago

The CVE-2023-52160, which applies to Android/linux/ChromeOS devices connecting to WPA2/WPA3 Enterprise, allows an attacker to fool the user to connect to a malicious SSID and intercept the traffic. So unencrypted traffic can be compromised. So, their listing of sensitive data, BEC, and password theft sound scary but probably affects very few services that don't encrypt the data.

[-] heavy@sh.itjust.works 1 points 8 months ago

Please don't compromise my business emails, just my personal ones.

=)

[-] Squire1039@lemm.ee 1 points 8 months ago

Considered it done. ;-)

this post was submitted on 23 Feb 2024
276 points (98.6% liked)

Technology

59381 readers
2069 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots

founded 1 year ago
MODERATORS
L3s@lemmy.world
L3s@fry.gs
L4s@fry.gs
L4s@lemmy.world
enu@lemmy.world