Cybersecurity researchers have identified two critical authentication bypass flaws in widely used open-source Wi-Fi software present in Android, Linux, and ChromeOS devices. The vulnerabilities, tracked as CVE-2023-52160 and CVE-2023-52161, could allow attackers to trick users into connecting to malicious clones of a network, or to join trusted networks without authentication credentials. They were discovered during a security assessment of wpa_supplicant and Intel’s iNet Wireless Daemon (IWD) by researchers collaborating with Mathy Vanhoef, known for uncovering previous Wi-Fi vulnerabilities such as KRACK, DragonBlood, and TunnelCrack.
Of the two vulnerabilities, CVE-2023-52161 poses a particularly severe threat: it permits unauthorized access to secured Wi-Fi networks, potentially exposing connected devices and users to malicious activity such as malware attacks, data theft, and business email compromise (BEC). It affects IWD versions 2.12 and lower. CVE-2023-52160 affects wpa_supplicant versions 2.10 and earlier, which is significant because wpa_supplicant is the default Wi-Fi software Android devices use to manage wireless network authentication requests.
Exploiting CVE-2023-52160 requires the attacker to know the SSID of a Wi-Fi network the victim has previously connected to, and to be in physical proximity to the target. This underscores the importance of prompt patching and of manual configuration of enterprise network certificates for Android users to mitigate the risks associated with these vulnerabilities. Major Linux distributions, including Debian, Red Hat, SUSE, and Ubuntu, have released advisories addressing the flaws, and fixes for ChromeOS have been implemented in versions 118 and beyond. Patches for Android devices are still pending, so proactive security measures are needed in the interim.
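
One way to check the certificate-configuration mitigation on a Linux host, as an added example that is not code from the article or from the wpa_supplicant project: the audit below flags enterprise (EAP) network blocks in a wpa_supplicant.conf-style file that set no CA certificate, and goes one step beyond the article by also flagging blocks that set a CA but no server-name match. It assumes networks are defined in such a file; the sample config, SSIDs and paths are constructed.

```python
CA_KEYS = ("ca_cert", "ca_path")
NAME_KEYS = ("domain_suffix_match", "domain_match", "altsubject_match", "subject_match")
# Constructed sample config (not from the article); SSIDs and paths are made up.
SAMPLE_CONF = """
network={
    ssid="corp-verified"
    key_mgmt=WPA-EAP
    ca_cert="/etc/ssl/certs/example-corp-ca.pem"
    domain_suffix_match="radius.example.com"
}
network={
    ssid="corp-no-name-check"
    key_mgmt=WPA-EAP
    ca_cert="/etc/ssl/certs/example-corp-ca.pem"
}
network={
    ssid="corp-unverified"
    key_mgmt=WPA-EAP
}
network={
    ssid="home"
    key_mgmt=WPA-PSK
}
"""

def parse_networks(text):
    """Return one {key: value} dict per network={...} block."""
    networks, current = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("network={"):
            current = {}
        elif line == "}" and current is not None:
            networks.append(current)
            current = None
        elif current is not None and "=" in line and not line.startswith("#"):
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip().strip('"')
    return networks

def audit(text):
    """Return (ssid, finding) pairs for EAP networks with weak server validation."""
    findings = []
    for net in parse_networks(text):
        if "eap" not in net and "EAP" not in net.get("key_mgmt", ""):
            continue  # PSK/open networks are out of scope for this check
        if not any(k in net for k in CA_KEYS):
            findings.append((net.get("ssid", "?"), "no CA certificate"))
        elif not any(k in net for k in NAME_KEYS):
            findings.append((net.get("ssid", "?"), "CA set, server name not pinned"))
    return findings
```

Calling `audit()` on the text of a real configuration file returns the SSIDs whose enterprise profiles need a CA certificate or server-name constraint added.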