- Security researchers have discovered flaws in WiFi standards that could allow attackers to eavesdrop on network traffic and connect victims to untrusted networks.
- These attacks exploit VPN clients with auto-disconnect features to connect to insecure networks.
Cybersecurity researchers have discovered a new vulnerability in the IEEE 802.11 WiFi standard. The flaw could be exploited to trick systems into connecting to less secure networks and allow eavesdropping on traffic on the targeted network. The vulnerability (CVE-2023-52424) affects all WiFi clients and operating systems, including those based on WPA3, WEP, AMPE, and 802.11X/EAP.
The attack uses SSID confusion techniques to spoof the name of a trusted network and downgrade the target to a less secure network, allowing threat actors to perform further attacks or intercept network traffic. This vulnerability can also disable VPNs that have auto-disable features, further weakening the security of network traffic.
Show More: Patch Tuesday in May: Microsoft, Apple, Google release fixes for currently exploited vulnerabilities
These attacks are possible because the network name does not necessarily need to be authenticated, which means a malicious actor could use a man-in-the-middle attack to get the victim to connect to an untrusted network with similar credentials so that the change is not immediately noticeable. This bug is particularly harmful to organizations such as educational institutions that have a high level of credential reuse.
Users of WiFi networks are encouraged to update to 802.11 standards that can store network beacons or management frames with the network SSID and authenticate the SSID during the validation process. Users can also mitigate risks by avoiding credential reuse across SSIDs.
What best practices does your organization follow to maintain WiFi security? Let us know! LinkedIn, Xor FacebookWe’re listening!
Image credit: Shutterstock
