
This new Wi-Fi attack can disable your VPN, researchers warn

Due to a design flaw in the Wi-Fi standard, under certain circumstances an attacker can redirect your connection to a less secure network, disable your VPN, and intercept traffic.

The vulnerability, known as CVE-2023-52424, allows a service set identifier (SSID) confusion attack in enterprise, mesh, and some home Wi-Fi networks. The SSID confusion attack itself provides an opportunity for an attacker to trick a user into connecting to a less secure network than the one they believe they are connecting to.

If credentials are reused, this can leave the user vulnerable to traffic interception. In addition, the exploit can force any VPN that has an automatic disable mode for trusted networks to turn itself off.


What is CVE-2023-52424 and how does it work?

The vulnerability, discovered by a well-known security researcher named Professor Mathy Vanhoef and published in collaboration with Top10VPN, is caused by a flaw in the design of the IEEE 802.11 Wi-Fi standard. As such, it affects all Wi-Fi clients and all operating systems, provided certain requirements are met. The investigation found that at least six universities in the UK and the US put both staff and students at particular risk due to credential reuse.

The full research paper goes into all the technical details, but the root cause is that the IEEE 802.11 standard does not always require authentication of the network name, or SSID.

Wi-Fi access points advertise wireless networks to nearby devices using beacon frames that also contain the SSID. To make this as simple as possible – the old argument of usability versus security – Wi-Fi clients do not attempt to authenticate these SSIDs in the beacon.

That would be acceptable if the network name only needed to be trustworthy after your device had joined a network; CVE-2023-52424 proves that this is not the case at all. “The result of this fundamental design flaw means that all Wi-Fi clients on all platforms and operating systems are vulnerable to the SSID confusion attack,” the report says.
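To make the point about beacons concrete, here is an added example (not code from the research paper or from Top10VPN) of how a wireless-monitoring tool reads the SSID and security information out of raw 802.11 beacon frames. The SSID is a plain tag/length/value element; the RSN element next to it advertises the authentication method (WPA2-PSK or WPA3-SAE), and nothing in the frame binds the two together or authenticates either. The check at the end flags a network name that is being advertised with more than one security profile. That is a generic consistency heuristic, not a detector for CVE-2023-52424, and WPA3 transition-mode deployments legitimately trigger it, so treat a hit as something to review. The beacon frames below are constructed test input, not captures.

```python
"""Parse 802.11 beacon frames and check SSID/security-profile consistency.

Added example; the beacon frames are hand-built byte strings (constructed).
"""
import struct
from collections import defaultdict

# 802.11 management header (24 bytes) and beacon fixed fields (12 bytes)
# precede the tagged information elements.
MGMT_HEADER_LEN = 24
BEACON_FIXED_LEN = 12

TAG_SSID = 0
TAG_RSN = 48
OUI_IEEE = b"\x00\x0f\xac"  # suite selector OUI used by WPA2/WPA3 in the RSN IE
AKM_NAMES = {2: "PSK", 8: "SAE"}  # AKM suite types: WPA2-Personal, WPA3-Personal


def parse_ies(payload: bytes) -> dict:
    """Walk the tag/length/value list; a later duplicate tag overwrites an earlier one."""
    ies = {}
    i = 0
    while i + 2 <= len(payload):
        tag, length = payload[i], payload[i + 1]
        value = payload[i + 2 : i + 2 + length]
        if len(value) != length:
            break  # truncated element: stop rather than guess
        ies[tag] = value
        i += 2 + length
    return ies


def parse_rsn_akms(rsn: bytes) -> list:
    """Return the AKM suite names listed in an RSN information element."""
    (version,) = struct.unpack_from("<H", rsn, 0)
    if version != 1:
        return []
    pos = 2 + 4  # skip version and group cipher suite
    (pairwise_count,) = struct.unpack_from("<H", rsn, pos)
    pos += 2 + 4 * pairwise_count
    (akm_count,) = struct.unpack_from("<H", rsn, pos)
    pos += 2
    akms = []
    for _ in range(akm_count):
        oui, suite_type = rsn[pos:pos + 3], rsn[pos + 3]
        if oui == OUI_IEEE:
            akms.append(AKM_NAMES.get(suite_type, f"type{suite_type}"))
        pos += 4
    return akms


def parse_beacon(frame: bytes) -> dict:
    """Extract BSSID, SSID and advertised security profile from a raw beacon."""
    if len(frame) < MGMT_HEADER_LEN + BEACON_FIXED_LEN:
        raise ValueError("frame too short for a beacon")
    if frame[0] != 0x80:  # frame control: type=management, subtype=beacon
        raise ValueError("not a beacon frame")
    bssid = frame[16:22].hex(":")  # DA(6) and SA(6) follow the 4-byte FC/duration
    ies = parse_ies(frame[MGMT_HEADER_LEN + BEACON_FIXED_LEN:])
    ssid = ies.get(TAG_SSID, b"").decode("utf-8", errors="replace")
    rsn = ies.get(TAG_RSN)
    security = "OPEN" if rsn is None else ("/".join(parse_rsn_akms(rsn)) or "RSN")
    return {"bssid": bssid, "ssid": ssid, "security": security}


def inconsistent_ssids(frames) -> dict:
    """Map each SSID advertised with more than one security profile to those profiles."""
    seen = defaultdict(set)
    for frame in frames:
        beacon = parse_beacon(frame)
        seen[beacon["ssid"]].add(beacon["security"])
    return {ssid: sorted(profiles) for ssid, profiles in seen.items() if len(profiles) > 1}


def build_beacon(bssid: bytes, ssid: str, akm_type=None) -> bytes:
    """Assemble a minimal beacon frame; used only to construct the sample input."""
    header = b"\x80\x00" + b"\x00\x00"          # frame control, duration
    header += b"\xff" * 6 + bssid + bssid       # DA (broadcast), SA, BSSID
    header += b"\x00\x00"                       # sequence control
    fixed = b"\x00" * 8 + struct.pack("<H", 100) + struct.pack("<H", 0x0411)
    ies = bytes([TAG_SSID, len(ssid)]) + ssid.encode()
    if akm_type is not None:
        rsn = struct.pack("<H", 1) + OUI_IEEE + b"\x04"           # version 1, group CCMP
        rsn += struct.pack("<H", 1) + OUI_IEEE + b"\x04"          # one pairwise suite: CCMP
        rsn += struct.pack("<H", 1) + OUI_IEEE + bytes([akm_type])  # one AKM suite
        rsn += struct.pack("<H", 0)                               # RSN capabilities
        ies += bytes([TAG_RSN, len(rsn)]) + rsn
    return header + fixed + ies


# Constructed sample: the same name advertised once as WPA3-SAE and once as
# WPA2-PSK from a different BSSID, plus an unrelated open network.
CAPTURED_BEACONS = [
    build_beacon(bytes.fromhex("02aa00000001"), "CampusNet", akm_type=8),
    build_beacon(bytes.fromhex("02aa00000002"), "CampusNet", akm_type=2),
    build_beacon(bytes.fromhex("02aa00000003"), "Guest"),
]

if __name__ == "__main__":
    for frame in CAPTURED_BEACONS:
        print(parse_beacon(frame))
    print(inconsistent_ssids(CAPTURED_BEACONS))
```

Against the constructed input the check reports `CampusNet` as advertised with both `PSK` and `SAE`; the `Guest` network is parsed as open and not flagged.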


The SSID confusion attack only works if these requirements are met

The only version of the Wi-Fi Protected Access security protocol that is vulnerable to this SSID confusion attack is WPA3, which is generally considered more secure than the older WPA1 and WPA2 protocols. For the attack to work, the following requirements must be met:

  • The victim connects to a trusted network.
  • A second network with the same credentials as the first is available.
  • The attacker is close enough to perform a man-in-the-middle exploit.

The study states: “The victim does not need to have ever connected to the untrusted network, nor does the attacker need to know the victim’s credentials.” While most VPNs should prevent traffic interception, the report suggests that some have a feature that automatically disables the VPN when a connection to a trusted network is established. In these circumstances, “the victim’s traffic is unprotected if this attack is successful.”

Cybersecurity experts discuss the potential impact of the SSID confusion vulnerability

Daniel Card, founder of cybersecurity consulting firm PwnDefend, said the costs and challenges of proximity must be considered for an exploit to be successful. “If someone is close enough for Wi-Fi, they’re close enough to punch you in the face,” Card said. In other words, it works great in a lab environment, but a real-world exploit is harder to pull off.

Ian Thornton-Trump, chief information security officer at threat analysis consultancy Cyjax, believes the impact of this attack on IoT devices could be very interesting. “It could be possible to ‘hijack’ the wireless device connection and potentially conduct covert surveillance,” Thornton-Trump said. “This is why IoT devices need to be in isolated segments and heavily restricted in terms of port/protocol and destination to limit lateral movement and compromise.” While Thornton-Trump acknowledges it is not a catastrophic discovery as most Wi-Fi implementations use WPA1 and WPA2, he says such investigations are “super important.” Since Wi-Fi is the foundation of our mobile digital lives, he said this type of thorough analysis is long overdue.

I’ll leave the last word to Jake Moore, global cybersecurity advisor at security vendor ESET, who said: “This affects all Wi-Fi clients and is not a trivial connection error. Public Wi-Fi has gotten a bad rap over the years, but as more people have realized that VPN usage and security software are standard, threat actors have had to improve their strategy.”

Moore says this exploit fundamentally shows that security is built on trust and users should always think twice about which shared networks they connect their devices to. “It goes without saying,” Moore said, “that users should never reuse their login credentials and make sure the automatic deactivation feature of their VPNs is disabled.”
