
This New Wi-Fi Attack Can Disable Your VPN, Researcher Warns


A flaw in the design of the Wi-Fi standard means that an attacker can, in certain circumstances, divert your connection to a less secure network, disable your VPN and intercept traffic.

The vulnerability, identified as CVE-2023-52424, enables a service set identifier (SSID) confusion attack on enterprise, mesh and some home Wi-Fi networks. The SSID confusion attack gives an attacker a way to trick a user's device into connecting to a less secure network than the one the user thinks it is joining, while the device still displays the trusted network's name.

If the same credentials are valid on both networks, this leaves the user open to traffic interception. Additionally, because the device believes it has joined a trusted network, any VPN client with an auto-disable mode for trusted networks will switch itself off.


What Is CVE-2023-52424 And How Does It Work?

The vulnerability, uncovered by the well-known security researcher Professor Mathy Vanhoef and published in partnership with Top10VPN, is caused by a flaw in the design of the IEEE 802.11 Wi-Fi standard. As such, it impacts all Wi-Fi clients and all operating systems whenever certain requirements are met. The research identified at least six universities, in the U.K. and U.S., where credential reuse across networks puts both staff and students at particular risk.

The full research paper goes into all the technical detail, but the root cause is that the IEEE 802.11 standard does not always require the network name, or SSID, to be authenticated.

Wi-Fi access points announce their networks to nearby devices using beacon frames, which carry the SSID. Beacons are broadcast before any key exchange takes place, and in that old trade-off of usability against security, Wi-Fi clients do not try to authenticate the SSID they read from a beacon.

That would be acceptable if the SSID were always verified once the device actually joins the network. CVE-2023-52424 shows that it is not: the standard binds the SSID into the connection only in some authentication modes, so in the others a client can complete the handshake with a network whose real name differs from the one it saw in the beacon. "The result of this fundamental design flaw means all WiFi clients on all platforms and operating systems are vulnerable to the SSID confusion attack," the report states.


The SSID Confusion Attack Only Works When These Requirements Are Met

For home networks, the only version of the Wi-Fi Protected Access security protocol vulnerable to this SSID confusion attack is WPA3, which is generally considered more secure than the older WPA1 and WPA2 protocols. The reason is that WPA1 and WPA2 mix the SSID into the pre-shared key, so a client and an access point that disagree on the network name cannot complete the handshake, whereas WPA3's SAE handshake derives its key from the password alone. Enterprise (802.1X) and mesh networks do not bind the SSID into the key either, so they are affected regardless of WPA version. To succeed, the following requirements need to be met:

  • The victim wants to connect to a trusted network.
  • A second network on which the same credentials are valid is within range.
  • The attacker is close enough to act as a man-in-the-middle between the victim and the trusted network.

The research states, "The victim doesn't need to have ever connected to the untrusted network, nor does the attacker need to know the victim's credentials." While most VPNs should prevent traffic from being intercepted, the report notes that some have a feature that automatically disables the VPN when the device connects to a network the user has marked as trusted, and that check relies on the same unauthenticated SSID. In these circumstances, "it does leave victims' traffic exposed when this attack succeeds."
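The root-cause explanation above and the WPA-version distinction both come down to one question: does the key the client derives depend on the SSID? The following Python model, an added illustration rather than code from the article or from the Vanhoef/Top10VPN research, makes that concrete. `wpa2_psk()` is the genuine WPA1/WPA2-Personal PMK derivation from IEEE 802.11 (PBKDF2-HMAC-SHA1, passphrase as key, SSID as salt, 4096 iterations, 256-bit output) and is checked against the standard's published test vector. `unbound_pmk()` is an assumed, deliberately simplified stand-in for the WPA3 SAE and 802.1X cases, chosen only for the property that the SSID is not an input; it is not the real SAE or EAP derivation. The handshake, the relayed beacon and the nonces are a toy model with no radio involved.

```python
"""Why SSID confusion needs a key derivation that ignores the SSID.

Added illustration, not code from the Forbes article or the research paper.
wpa2_psk() is the real WPA2-Personal derivation; unbound_pmk() is an assumed
simplified stand-in for SAE / 802.1X; the handshake is a toy model.
"""
import hashlib
import hmac

# Published IEEE 802.11 test vector for the WPA2-PSK derivation.
IEEE_VECTOR = ("password", "IEEE",
               "f42c6fc52df0ebef9ebb4b90b38a5f902e83fe1b135a70e23aed762e9710a12e")


def wpa2_psk(passphrase: str, ssid: str) -> bytes:
    """Real WPA1/WPA2-Personal PMK: the SSID is the PBKDF2 salt, so the same
    passphrase on a differently named network yields a different key."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def unbound_pmk(password: str, ssid: str) -> bytes:
    """Assumed stand-in for SAE / 802.1X: the key depends only on the credential.
    Not the real SAE or EAP derivation; the point is that `ssid` is ignored."""
    del ssid  # deliberately not part of the derivation in this mode
    return hashlib.sha256(b"model-pmk|" + password.encode()).digest()


def handshake_succeeds(client_pmk: bytes, ap_pmk: bytes, nonces: bytes) -> bool:
    """Toy 4-way handshake: each side keys a MIC over the exchanged nonces and the
    association only completes if both sides hold the same PMK."""
    client_mic = hmac.new(client_pmk, nonces, hashlib.sha256).digest()
    ap_mic = hmac.new(ap_pmk, nonces, hashlib.sha256).digest()
    return hmac.compare_digest(client_mic, ap_mic)


def ssid_confusion(derive, credential: str, trusted_ssid: str, rogue_ssid: str) -> bool:
    """Model the attack: the man-in-the-middle relays the rogue network's frames
    but rewrites the unauthenticated beacon SSID to the trusted name.
    Returns True when the client ends up associated with the rogue network
    while believing it joined trusted_ssid."""
    advertised_ssid = trusted_ssid            # what the victim reads from the beacon
    client_pmk = derive(credential, advertised_ssid)
    ap_pmk = derive(credential, rogue_ssid)   # the real network on the far side
    nonces = b"ANonce:0123|SNonce:4567"        # constructed stand-in for real nonces
    return handshake_succeeds(client_pmk, ap_pmk, nonces)


def check_ieee_vector() -> bool:
    """Confirm wpa2_psk() reproduces the standard's test vector."""
    passphrase, ssid, expected_hex = IEEE_VECTOR
    return wpa2_psk(passphrase, ssid).hex() == expected_hex


if __name__ == "__main__":
    cred = "Secret123"  # constructed: the same credential is valid on both networks
    print("WPA2 derivation matches IEEE vector:", check_ieee_vector())
    print("WPA2-PSK, beacon SSID rewritten     ->",
          ssid_confusion(wpa2_psk, cred, "TrustedNet", "GuestNet"))
    print("SSID-unbound, beacon SSID rewritten ->",
          ssid_confusion(unbound_pmk, cred, "TrustedNet", "GuestNet"))
```

With the WPA2-PSK derivation the relayed handshake fails, because the victim keyed its MIC for "TrustedNet" while the far-side access point keyed for "GuestNet"; with the SSID-unbound derivation both sides agree and the client associates with the wrong network while still displaying the trusted name. A VPN client that compares that displayed SSID against a trusted-network list is reading the same unauthenticated string, which is why the auto-disable feature fails in exactly the case the attack creates.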

Cybersecurity Experts Discuss The Potential Impact Of The SSID Confusion Vulnerability

Daniel Card, founder of cybersecurity consultancy PwnDefend, said that consideration must be given to the cost and challenge of the proximity requirement to enable an exploit to succeed. “If someone is close enough for Wi-Fi, they are close enough to punch you in the face,” Card said. In other words, it works great in a lab environment but real-world exploitation is a harder thing to pull off.

Ian Thornton-Trump, the chief information security officer at threat intelligence consultancy Cyjax, thinks that the implications of this attack could be very interesting on Internet-of-Things devices. "It may be possible to 'take over' the wireless device connection and potentially conduct covert surveillance," Thornton-Trump said. "This is why IoT devices need to be in isolated segments and heavily restricted by port/protocol and destination to limit lateral movement and compromise." While admitting that it's not a catastrophic discovery, given that most Wi-Fi implementations use WPA1 and WPA2, Thornton-Trump says that research such as this is "super important." With Wi-Fi being the foundation of our mobile digital life, he said this kind of deep analysis is long overdue.

I’ll leave the last words with Jake Moore, global cybersecurity advisor with security vendor ESET, who said “Affecting all Wi-Fi clients, this is not a trivial flaw in the connection. Public WiFi has been given a bad name over the years, but as more people have cottoned on to VPN usage and security software as standard, threat actors have had to up their game.”

Moore says that this exploit fundamentally exposes that security comes down to trust, and users should always think twice about the shared networks they attach their devices to. “It goes without saying,” Moore said anyway, “that people should never reuse credentials, and they should make sure their VPNs have the auto-disable feature turned off.”

