New IEEE 802.11 Wi-Fi Vulnerability exposes data from billions of devices

Father

Because the flaw lies in the standard itself, it may remain unfixed for many years.

Researchers at the Belgian university KU Leuven have identified a vulnerability in the IEEE 802.11 Wi-Fi standard that lets an attacker trick a victim into connecting to a network other than the one it believes it is joining, and then intercept its traffic.

According to Top10VPN, which worked with one of the KU Leuven researchers, the vulnerability was made public this week ahead of an upcoming conference in Seoul, South Korea. The flaw, tracked as CVE-2023-52424, affects Wi-Fi clients on all operating systems, including networks that use the widely deployed WPA3 protocol, as well as WEP and 802.1X/EAP (enterprise) networks.

The root cause is that the IEEE 802.11 standard does not always require the SSID to be authenticated when a client connects. The SSID is the network name that lets a client tell one network (and its access points) from another. Modern Wi-Fi networks run a four-way handshake to authenticate the two sides and derive the session encryption keys, but the standard does not require the SSID to be bound into that key derivation. An attacker can therefore stand up a rogue access point that announces the trusted network's SSID and steer the victim onto a less secure network, and the client has no cryptographic way to notice the mismatch.

The vulnerability is only exploitable under specific conditions, chiefly when an organization runs two Wi-Fi networks that accept the same credentials. The attacker then places a rogue access point advertising the SSID of the better-protected network and redirects the victim to the less secure one.

The downgrade lowers the victim's protection and exposes it to known attacks such as the Key Reinstallation Attack (KRACK). In some cases it also defeats a VPN: some VPN clients automatically disable the tunnel when the device joins a network whose SSID is on a trusted list, so a rogue access point that spoofs that SSID switches the VPN off.


Researchers at KU Leuven propose several measures against SSID confusion attacks:
  • the IEEE 802.11 standard should be updated to make SSID authentication mandatory;
  • the beacons an access point transmits to announce its presence should be better protected, so that a connected client can detect a change of SSID;
  • credentials should not be reused across different SSIDs.

Recall that KRACK is a key reinstallation attack against WPA2 networks. All modern Wi-Fi networks use the four-way handshake to negotiate a fresh session key. By replaying message 3 of that handshake, the attacker tricks the victim into reinstalling a key that is already in use, which resets the packet number (nonce) and replay counter associated with it. WPA2's AES-CCMP encrypts each packet in counter mode, so reusing a key with the same nonce reuses the same keystream, which allows packets to be replayed and decrypted.
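The following added example (not code from the article or from the KRACK or SSID-confusion researchers) simulates the key reinstallation the paragraph describes. A minimal client model installs the temporal key on handshake message 3 and resets its packet number; a vulnerable client does this again on a replayed message 3, a patched one ignores the retransmission once a key is installed. AES is not in Python's standard library, so the counter-mode keystream here is HMAC-SHA256 keyed with the temporal key over the packet number and a block counter, a stand-in for the AES counter mode inside CCMP with the same nonce-reuse failure. The temporal key, the two frames and the "known plaintext" are all constructed.

```python
import hashlib
import hmac


def keystream(tk: bytes, pn: int, length: int) -> bytes:
    """Counter-mode keystream for packet number `pn` (stand-in for CCMP's AES-CTR).
    Same key + same PN => same keystream, exactly the property KRACK abuses."""
    out = b""
    block = 0
    while len(out) < length:
        out += hmac.new(tk, pn.to_bytes(6, "big") + block.to_bytes(2, "big"),
                        hashlib.sha256).digest()
        block += 1
    return out[:length]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class Client:
    """Tiny model of a supplicant's key state after the four-way handshake."""

    def __init__(self, patched: bool):
        self.patched = patched
        self.tk = None
        self.pn = 0
        self.installed = False

    def on_msg3(self, tk: bytes) -> None:
        # Vulnerable: (re)install the key and reset the PN on every message 3,
        # including a retransmission injected by the attacker.
        # Patched: once a key is installed, ignore further message 3s.
        if self.installed and self.patched:
            return
        self.tk = tk
        self.pn = 0
        self.installed = True

    def encrypt(self, plaintext: bytes) -> tuple[int, bytes]:
        self.pn += 1
        return self.pn, xor(plaintext, keystream(self.tk, self.pn, len(plaintext)))


def krack_simulation(patched: bool) -> dict:
    tk = hashlib.sha256(b"constructed temporal key").digest()[:16]
    client = Client(patched)

    client.on_msg3(tk)                                    # genuine message 3
    secret = b"GET /login HTTP/1.1\r\nCookie: session=constructed"
    pn1, ct1 = client.encrypt(secret)                     # first frame, PN = 1

    client.on_msg3(tk)                                    # attacker replays message 3
    known = b"GET /index.html HTTP/1.1\r\nHost: example.test"   # constructed known plaintext
    pn2, ct2 = client.encrypt(known)

    # If the keystream was reused, ct1 XOR ct2 = secret XOR known, so XORing in the
    # known plaintext recovers the secret frame (over the shorter length).
    recovered = xor(xor(ct1, ct2), known)
    return {
        "nonce_reused": pn1 == pn2,
        "plaintext_recovered": recovered == secret[: len(recovered)],
    }


if __name__ == "__main__":
    print("vulnerable client:", krack_simulation(patched=False))
    print("patched client:   ", krack_simulation(patched=True))
```

The vulnerable run reports a reused packet number and a recovered plaintext; the patched run keeps counting from where it left off, so the two keystreams differ and the XOR trick yields nothing. This is also why the SSID-confusion downgrade matters: steering a client onto a network that still runs unpatched WPA2 brings exactly this attack back into reach.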