New Wi-Fi Vulnerability Enables Network Eavesdropping via Downgrade Attacks

Researchers have discovered a model new security vulnerability stemming from a design flaw inside the IEEE 802.11 Wi-Fi customary that ideas victims into connecting to a a lot much less protected wi-fi neighborhood and pay attention to their neighborhood web site guests.

The SSID Confusion assault, tracked as CVE-2023-52424, impacts all working methods and Wi-Fi purchasers, along with home and mesh networks that are based mostly totally on WEP, WPA3, 802.11X/EAP, and AMPE protocols.

The technique “entails downgrading victims to a a lot much less protected neighborhood by spoofing a trusted neighborhood title (SSID) to permit them to intercept their web site guests or carry out extra assaults,” TopVPN said, which collaborated with KU Leuven professor and researcher Mathy Vanhoef.

“A worthwhile SSID Confusion assault moreover causes any VPN with the efficiency to auto-disable on trusted networks to indicate itself off, leaving the sufferer’s web site guests uncovered.”

The problem underpinning the assault is the reality that the Wi-Fi customary doesn’t require the neighborhood title (SSID or the service set identifier) to on a regular basis be authenticated and that security measures are solely required when a instrument opts to affix a particular neighborhood.

The net impression of this conduct is that an attacker may deceive a client into connecting to an untrusted Wi-Fi neighborhood than the one it meant to attach with by staging an adversary-in-the-middle (AitM) assault.

“In our assault, when the sufferer wants to attach with the neighborhood TrustedNet, we trick it into connecting to a particular neighborhood WrongNet that makes use of associated credentials,” researchers Héloïse Gollier and Vanhoef outlined. “Due to this, the sufferer’s shopper will suppose, and current the particular person, that it’s linked to TrustedNet, whereas actually it’s linked to WrongNet.”

In several phrases, although passwords or totally different credentials are mutually verified when connecting to a protected Wi-Fi neighborhood, there isn’t any such factor as a guarantee that the particular person is connecting to the neighborhood they want to.

There are particular circumstances to pulling off the downgrade assault –

• The sufferer wants to attach with a trusted Wi-Fi neighborhood
• There’s a rogue neighborhood accessible with the an identical authentication credentials as the first
• The attacker is inside range to hold out an AitM between the sufferer and the trusted neighborhood

Proposed mitigations to counter SSID Confusion embrace an change to the 802.11 Wi-Fi customary by incorporating the SSID as part of the 4-way handshake when connecting to protected networks, along with enhancements to beacon protection that allow a “shopper [to] retailer a reference beacon containing the neighborhood’s SSID and make sure its authenticity all through the 4-way handshake.”

Beacons focus on with management frames {{that a}} wi-fi entry stage transmits periodically to announce its presence. It accommodates information such as a result of the SSID, beacon interval, and the neighborhood’s capabilities, amongst others.

“Networks can mitigate the assault by avoiding credential reuse all through SSIDs,” the researchers talked about. “Enterprise networks ought to make use of distinct RADIUS server CommonNames, whereas home networks ought to make use of a singular password per SSID.”

The findings come virtually three months after two authentication bypass flaws had been disclosed in open-source Wi-Fi software program program equal to wpa_supplicant and Intel’s iNet Wi-fi Daemon (IWD) that might deceive clients into changing into a member of a malicious clone of an expert neighborhood or allow an attacker to affix a trusted neighborhood with no password.

Last August, Vanhoef moreover revealed that the House home windows shopper for Cloudflare WARP is perhaps tricked into leaking all DNS requests, efficiently allowing an adversary to spoof DNS responses and intercept virtually all web site guests.