Android, Linux Devices at Risk: New Wi-Fi Vulnerabilities Exposed

Joseph Adebayo

New Wi-Fi Flaws Make Android, Linux Devices to Hacking

Cybersecurity researchers have identified two vulnerabilities in open-source Wi-Fi software used in Android, Linux, and ChromeOS devices. These flaws could allow hackers to trick users into connecting to a fake network or join a trusted network without a password.  The flaws, known as CVE-2023-52160 and CVE-2023-52161, were discovered during a security evaluation of wpa_supplicant and Intel’s iNet Wireless Daemon (IWD).

What’s Happening & Why This Matters

These vulnerabilities can enable attackers to trick users into connecting to fake versions of trusted networks and intercept their traffic, or join secure networks without needing a password, according to Top10VPN’s new research, conducted with cybersecurity expert Mathy Vanhoef. CVE-2023-52161 allows attackers to gain unauthorized access to a protected Wi-Fi network, potentially exposing users and devices to malware, data theft, and business email compromise (BEC). It affects IWD versions 2.12 and lower.

Meanwhile, CVE-2023-52160 affects wpa_supplicant versions 2.10 and prior. It’s particularly concerning because it’s the default software used in Android devices for handling wireless network logins. Exploiting these flaws requires close proximity to the victim and knowledge of the network’s SSID, making it necessary for Android users to manually configure the CA certificate of saved enterprise networks to prevent attacks.

t/f Summary: How to Stay Protected

It’s crucial for Android users to manually configure the CA certificate of any saved enterprise networks to prevent these attacks until fixes are made available. While major Linux distributions have released advisories for the flaws, fixes for Android are still pending.

Share This Article
Avatar photo
By Joseph Adebayo “TF UX”
Joseph Adebayo is the user experience maestro. With a degree in Graphic Design and certification in User Experience, he has worked as a UX designer in various tech firms. Joseph's expertise lies in evaluating products not just for their technical prowess but for their usability, design, and consumer appeal. He believes that technology should be accessible, intuitive, and aesthetically pleasing.
Leave a comment