Vulnerabilities:

CVE-2023-52160 (wpa_supplicant) and CVE-2023-52161 (Intel’s iNet Wireless Daemon) allow attackers to:

  • Trick users into joining fake Wi-Fi networks: Attackers can create malicious clones of legitimate networks and steal user data.
  • Gain unauthorized access to secure Wi-Fi networks: Attackers can join password-protected networks without needing the password, putting devices and data at risk.

Affected devices:

  • CVE-2023-52160: Android devices using wpa_supplicant versions 2.10 and prior (requires specific configuration).
  • CVE-2023-52161: Linux devices using iNet Wireless Daemon versions 2.12 and lower (any network using a Linux access point).

Mitigation:

  • Update your Linux distribution and ChromeOS (version 118 or later).
  • Android fix not yet available, but manually configure CA certificate for any saved enterprise networks as a temporary workaround.

Exploitation:

  • Attacker needs SSID and physical proximity for CVE-2023-52160.
  • CVE-2023-52161 requires no special knowledge, affecting any vulnerable network.
    • Link@rentadrunk.org
      link
      fedilink
      English
      arrow-up
      0
      ·
      9 months ago

      Hmm how would one know if their specific AP is affected? Lots of manufacturers won’t release updates.

      • khannie@lemmy.world
        link
        fedilink
        English
        arrow-up
        0
        ·
        edit-2
        9 months ago

        It’s not clear to me yet if this is specific to intel wireless devices (edit: the IWD wiki page says that it aims to be “a comprehensive Wi-Fi connectivity solution for Linux based devices” so it looks like it would cover any system using IWD, not just Intel AP’s).

        The article says “everyone using IWD as an access point” and “affects home WiFi networks”.

        So I went to the good ol’ Arch wiki and it gives some details on iwd:

        https://wiki.archlinux.org/title/Iwd

        Long story short it looks like at a minimum you would need the iwd package installed on a linux based access point (think open source based routers and probably many ISP ones) and an easy way to test for that appears to be if the apps iwctl, iwd and / or iwmon are anywhere on the system (and / or if iwd is running).

        If you run

        ps -ef | grep iwd

        on a normal linux box or

        pw w | grep iwd

        on openwrt based routers it should give you a clear indication.

        The linux based router I’m using here has iw and iwlist but they’re for a separate package and no iwd daemon running.

        I am still digging on this and will be until I’m happy.

        update: iwd 2.13 is vulnerable and was released 2024/01/12 so unless you’re bang up to date, if you’re using iwd you’re exposed.

          • khannie@lemmy.world
            link
            fedilink
            English
            arrow-up
            0
            ·
            9 months ago

            No worries. :) It was a bit rambling there for a while but I finally got to the bottom of it all.

            The article and / or CVE could have done a much better job of making it clear who wasn’t affected or at least how to check if you are.

      • TunaLobster@lemmy.world
        link
        fedilink
        English
        arrow-up
        0
        ·
        9 months ago

        If these CVEs didn’t expose a router that doesn’t get updates, many others already have. OpenWRT might be more secure than OEM firmware.