Android vulnerabilities discovered!
Image by Unsplash
Billions of Android users worldwide could be affected by a new WiFi vulnerability, which hackers may exploit to create clones of WiFi hotspots and intercept data, researchers have found. Another new vulnerability enables unauthorized access to protected home Wi-Fi networks, exposing devices and data.
The first security flaw affects “wpa_supplicant,” an open-source software implementation of security mechanisms for wireless networks, such as the WPA (WiFi Protected Access).
WiFi networks using the Enterprise mode of WPA2/3 are at risk, as demonstrated by Simon Migliano from top10vpn.com and experienced security researcher Mathy Vanhoef.
“There are 2.3 billion Android users worldwide who could therefore be affected by this vulnerability,” researchers said.
Also, this open-source implementation is found in almost all Linux devices and ChromeOS, used in Chromebooks.
“The wpa_supplicant vulnerability allows a bad actor to trick their victim into automatically connecting to a malicious clone of a trusted WiFi network in order to intercept their traffic. As the attack requires no action by the victim, it’s likely the victim would be unaware they had been targeted,” researchers warn.
All the bad actor needs is the name (the SSID) of an Enterprise WPA2/3 network, which could be easily obtained by walking around a building and scanning.
The flaw affects the implementation of PEAP (protected extensible authentication protocol), which is a security protocol used to secure WiFi networks better. Attackers could skip the second phase of authentication when the target device has not been properly configured to verify the authentication server.
Another vulnerability affects Intel’s iNet Wireless Daemon (IWD) platform, a comprehensive connectivity solution for Linux, which is also open source and mostly used in home WiFi networks.
“It affects everyone using IWD as an access point, as the vulnerability does not rely on any misconfiguration,” researchers warn. “It allows an adversary to gain full access to an existing protected WiFi network, exposing existing users and devices to attack.”
The risks include the interception of sensitive data, malware or ransomware infections, email compromise, credential theft, and others.
Both vulnerabilities were reported to vendors, have been patched, and are available as part of their public code repositories. Users should update their software. Unfortunately, Android users must wait for a new Android security update that includes the wpa_supplicant patch.
“In the meantime, it’s critical, therefore, that Android users manually configure the CA certificate of any saved Enterprise networks to prevent the attack.”
Most of the key ransomware operators explicitly forbid affiliates to target organizations in Russia and members of the Moscow-led Commonwealth of Independent States (CIS).
