Many of the most popular laptops and smartphones in use today could be vulnerable to two major security flaws that could lead to identity theft, data exfiltration, business email compromise (BEC) and other risks, experts warn.
That is according to cybersecurity researchers from Top10VPN and Mathy Vanhoef, who discovered two separate vulnerabilities: one tracked as CVE-2023-52160, and another tracked as CVE-2023-52161.
The latter could allow a threat actor to join an otherwise protected Wi-Fi network and target other devices connected to it with malware or infostealers. The former, on the other hand, is found in the default software that Android uses to handle logging into wireless networks and allows hackers to create a malicious clone of legitimate networks. If a victim is tricked into joining this malicious clone, their traffic can be hijacked.
Patches available
Although the vulnerabilities sound ominous, they are not that easy to exploit. The first requires the target Wi-Fi client to be configured not to verify the authentication server’s certificate. Additionally, the attacker must know the SSID of the Wi-Fi network the victim usually connects to and must be close enough to connect to it.
“One possible such scenario could be an attacker walking through a company building and scanning for networks before targeting an employee leaving the office,” the researchers explain.
CVE-2023-52161 was said to affect any network that uses a Linux device as a wireless access point.
Most Linux distributions (Debian, Red Hat, SUSE, Ubuntu) have released patches, as has ChromeOS. An Android fix is still pending.
“In the meantime, it is therefore critical that Android users manually configure the CA certificate of stored corporate networks to prevent the attack,” Top10VPN said.
Via The Hacker News