SSID Confusion attack that spoofs the Wi-Fi network

Father

A group of researchers from the Catholic University of Leuven (Belgium) identified an architectural vulnerability (CVE-2023-52424) in the IEEE 802.11 Wi-Fi standard that allows a client to be connected to a less secure wireless network instead of the trusted network the user intended to connect to, after which traffic can be intercepted and manipulated. The problem occurs in the wireless stacks of any operating system and affects the WPA3, WEP, EAP, AMPE, and FILS authentication methods.

The proposed attack technique, named SSID Confusion, bypasses the access point authentication methods in the protocol that protect against spoofing of the SSID network identifier and prevent the creation of fake networks with the name of the network the client connects to. The problem is caused by the standard's definition of situations in which the SSID may remain unauthenticated. In particular, to announce its presence, an access point broadcasts beacon frames that include the network's SSID. To simplify network discovery, clients do not authenticate the SSID in these frames, since it is assumed that verification will take place after the client decides to connect to the network.

A successful attack requires that the user initiates a connection to a specific wireless network and that another wireless network with the same connection parameters is nearby. This is the case, for example, when separate networks are created for the 2.4 GHz and 5 GHz bands and one of them is poorly protected and vulnerable to typical traffic interception attacks such as KRACK or Frag. The problematic configuration is also used in some university networks that support the Eduroam service. The attacker must be within signal range in order to position themselves between the user and the target network (MitM). An attacker does not need to know the victim's credentials to perform the attack.

The attack comes down to creating an attacker-controlled access point (WrongAP in the diagram) that provides access to a less secure dummy network (WrongNet) on another channel, to which the client connects instead of the desired network (TrustedNet). The access point can be created on an ordinary laptop and used to mount a multi-channel MitM attack on the victim (MC MitM). The attack is carried out in three stages:

1. Network Discovery. The MitM system intercepts packets sent over the air by the victim and the trusted access point (TrustedNet) and replaces the SSID in them: in packets from the access point, the SSID is replaced with the identifier of the less secure network, and in the victim's responses it is replaced with the real one, in order to simulate the interaction between the client and the trusted access point. As a result, the victim's device receives responses and believes that the network it is looking for is nearby, even though these responses are broadcast by the attacker's access point.

2. Authentication hijacking. The attacker simulates successful authentication and forces the client to connect to the less secure network instead of the trusted one. As in the previous stage, the attacker intercepts the frames sent during client authentication, replaces the SSID in them, and forwards them to the access point.

3. MitM. After the channels have been matched, the attacker replaces the SSID of WrongNet with TrustedNet, giving the impression that the user is working through the trusted network rather than through the less secure one.

(Diagram: attacker access point WrongAP serving WrongNet, positioned between the client and TrustedNet; image not included.)
By exploiting the vulnerability, an attacker can force the client to connect to a less secure network while the interface displays the SSID of the network the user originally intended to connect to, not the one they are actually connected to. Once the user is connected through the unsecured network, the attacker can analyze and intercept unencrypted traffic. Moreover, with some VPNs, such as WARP, hide.me and Windscribe, the VPN will not be activated when connecting to networks marked as trusted in the settings.

The attack applies to wireless authentication protocols that use EAP (Extensible Authentication Protocol), SAE (Simultaneous Authentication of Equals) and 802.1X, as well as to the optional WPA3 mode in which the SSID is not used when generating the PMK (Pairwise Master Key); this is done to exclude initially known data from key generation in order to protect against various cryptographic attacks. The FILS (Fast Initial Link Setup) protocol is vulnerable when it uses a PMK created during negotiation of an EAP-based connection. The WPA1, WPA2, and FT (Fast BSS Transition) protocols are not affected by the problem, since they require the correct SSID when negotiating a connection.
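The paragraph above turns on one detail: whether the SSID is an input to the key derivation. The following Python block is an added example (not code from the original post or from the researchers) that contrasts the WPA2-PSK derivation, where the SSID is the PBKDF2 salt as defined in IEEE 802.11i, with a simplified, hypothetical SSID-independent derivation standing in for the affected modes, and then shows the mitigation of folding the SSID into the key. The `ssid_independent_pmk` and `bind_pmk_to_ssid` functions are illustrative constructions, not SAE or any standardized KDF.

```python
import hashlib
import hmac

# WPA2-PSK (IEEE 802.11i): PMK = PBKDF2-HMAC-SHA1(passphrase, ssid, 4096, 32).
# Because the SSID is the salt, an access point with the same passphrase but a
# different SSID ends up with a different PMK and cannot complete the 4-way
# handshake; this is why the post lists WPA1/WPA2 as unaffected.
def wpa2_psk_pmk(passphrase: str, ssid: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


# Simplified stand-in (assumption, NOT the real SAE/EAP derivation) for a PMK
# that does not depend on the SSID: the same credential yields the same key
# on every network that shares it, which is the precondition SSID Confusion
# relies on.
def ssid_independent_pmk(passphrase: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), b"no-ssid-salt", 4096, 32)


# Mitigation described in the post: add the SSID to the key generation
# function. Modelled here as an HMAC-SHA256 expansion of the existing PMK
# (hypothetical construction chosen for illustration).
def bind_pmk_to_ssid(pmk: bytes, ssid: str) -> bytes:
    return hmac.new(pmk, b"ssid-binding|" + ssid.encode(), hashlib.sha256).digest()


def keys_match_across_ssids(derive, passphrase: str, ssid_a: str, ssid_b: str) -> bool:
    """True if the same credential produces the same key on two SSIDs.

    `derive(passphrase, ssid)` is any PMK derivation; a True result means an
    access point on ssid_b could reuse a credential intended for ssid_a.
    """
    return derive(passphrase, ssid_a) == derive(passphrase, ssid_b)


def unbound_then_bound(passphrase: str, ssid: str) -> bytes:
    # SSID-independent PMK followed by the SSID-binding step.
    return bind_pmk_to_ssid(ssid_independent_pmk(passphrase), ssid)


if __name__ == "__main__":
    pw = "shared-passphrase"  # constructed sample credential
    for name, fn in [
        ("WPA2-PSK (SSID in KDF)", wpa2_psk_pmk),
        ("SSID-independent (model)", lambda p, s: ssid_independent_pmk(p)),
        ("SSID-independent + binding", unbound_then_bound),
    ]:
        same = keys_match_across_ssids(fn, pw, "TrustedNet", "WrongNet")
        print(f"{name:28s} key reusable on WrongNet: {same}")
```

The IEEE 802.11i test vector (passphrase "password", SSID "IEEE") reproduces the published PMK, which confirms that `wpa2_psk_pmk` is the standard derivation rather than a model.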

To protect against the SSID Confusion attack on the access point side, it is noted that the 802.11 standard requires SSID authentication during connection, which can be implemented by adding the SSID to the key generation function or by including the SSID among the additional data verified during connection negotiation. On the client side, protection can be provided by beacon frame protection (to be applied in Wi-Fi 7). Network operators can prevent the attack by not using shared credentials on networks with different SSIDs. Users can protect themselves by using a reliable VPN when connecting over any wireless network.
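The operator-side mitigation (no shared credentials across SSIDs) is something that can be checked against a network inventory. The Python block below is an added example, not code from the original post or from the researchers: it takes a constructed list of network profiles and flags any credential reused on two or more SSIDs where at least one of those SSIDs uses an authentication method the post lists as not binding the SSID. The inventory format and the `credential_id` field are assumptions for the example.

```python
from collections import defaultdict

# Constructed sample inventory (assumption): a campus with separate 2.4 GHz and
# 5 GHz WPA3 networks sharing one passphrase, an EAP credential reused on two
# SSIDs, a home WPA2-PSK pair, and a stand-alone guest network.
SAMPLE_NETWORKS = [
    {"ssid": "Campus-2G", "auth": "WPA3-SAE", "credential_id": "cred-campus"},
    {"ssid": "Campus-5G", "auth": "WPA3-SAE", "credential_id": "cred-campus"},
    {"ssid": "eduroam", "auth": "EAP", "credential_id": "cred-eduroam"},
    {"ssid": "eduroam-legacy", "auth": "EAP", "credential_id": "cred-eduroam"},
    {"ssid": "Home-2G", "auth": "WPA2-PSK", "credential_id": "cred-home"},
    {"ssid": "Home-5G", "auth": "WPA2-PSK", "credential_id": "cred-home"},
    {"ssid": "Guest", "auth": "WPA2-PSK", "credential_id": "cred-guest"},
]

# Authentication methods the post describes as not authenticating the SSID
# during key negotiation. WPA1/WPA2 and FT are listed as unaffected because
# they require the correct SSID, so they are deliberately absent here.
SSID_UNAUTHENTICATED = {"WPA3-SAE", "EAP", "802.1X", "FILS", "WEP", "AMPE"}


def find_shared_credentials(networks):
    """Return findings for credentials reused across SSIDs that can be confused.

    A finding is produced when one credential_id appears on two or more
    distinct SSIDs and at least one of those SSIDs uses a method from
    SSID_UNAUTHENTICATED, since that is the configuration the attack needs.
    """
    by_credential = defaultdict(list)
    for net in networks:
        by_credential[net["credential_id"]].append(net)

    findings = []
    for cred, nets in by_credential.items():
        ssids = sorted({n["ssid"] for n in nets})
        if len(ssids) < 2:
            continue  # a credential used on one SSID cannot be confused
        exposed = sorted({n["ssid"] for n in nets if n["auth"] in SSID_UNAUTHENTICATED})
        if not exposed:
            continue  # every SSID binds the credential to its own name
        findings.append({
            "credential_id": cred,
            "ssids": ssids,
            "exposed_ssids": exposed,
            "remediation": "issue a distinct credential per SSID or merge the SSIDs",
        })
    return findings


def summarize(findings) -> str:
    lines = [f"{len(findings)} shared-credential finding(s)"]
    for f in findings:
        lines.append(f"- {f['credential_id']}: SSIDs {', '.join(f['ssids'])}; "
                     f"exposed on {', '.join(f['exposed_ssids'])}; {f['remediation']}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(summarize(find_shared_credentials(SAMPLE_NETWORKS)))
```

On the sample inventory the WPA2-PSK home pair is not reported even though it shares a passphrase, matching the post's statement that WPA2 already requires the correct SSID; the WPA3 campus pair and the two EAP SSIDs are.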
