New Wi-Fi vulnerabilities put Android and Linux devices at risk

22 February 2024 1 minute Author: Newsman

Cybersecurity researchers have discovered two critical vulnerabilities in Wi-Fi software used in Android, Linux, and ChromeOS-based devices. These flaws allow hackers to bypass the authentication process, forcing users to connect to malicious networks or allowing attackers to join secure networks without entering a password.

The vulnerabilities, labeled CVE-2023-52160 and CVE-2023-52161, were discovered during security assessments of wpa_supplicant and Intel’s iNet Wireless Daemon (IWD), respectively. CVE-2023-52161 allows unauthorized access to protected Wi-Fi networks, opening the way for potential attacks including malware infection, data theft, and business email compromise (BEC). CVE-2023-52160, which affects wpa_supplicant versions 2.10 and earlier, is particularly dangerous due to its widespread use on Android devices.

Major Linux distributions such as Debian, Red Hat, SUSE, and Ubuntu have already issued advisories for these vulnerabilities. The wpa_supplicant issue was also fixed in ChromeOS starting with version 118, but Android updates were not yet available at the time of discovery. To prevent attacks, it’s critical that Android users manually configure the CA certificate for their corporate networks. These findings highlight the importance of constantly monitoring and updating the security of network protocols to protect against potential cyber threats.

 

Other related articles
News
Read more
Adobe fixes 207 security vulnerabilities
Останнє оновлення Patch Tuesday, яке усуває 207 уразливостей у різних продуктах. Це комплексне оновлення включає критичні виправлення для Illustrator, Substance 3D Sampler і After Effects.
252
Found an error?
If you find an error, take a screenshot and send it to the bot.