this post was submitted on 23 Feb 2024
277 points (98.6% liked)

Technology

59161 readers
2119 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots

founded 1 year ago
MODERATORS
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
277
Two Wi-Fi flaws expose Android, Linux devices to attacks (thehackernews.com)
submitted 8 months ago* (last edited 8 months ago) by [email protected] to c/[email protected]
19 comments fedilink hide all child comments
 

Vulnerabilities:

CVE-2023-52160 (wpa_supplicant) and CVE-2023-52161 (Intel's iNet Wireless Daemon) allow attackers to:

  • Trick users into joining fake Wi-Fi networks: Attackers can create malicious clones of legitimate networks and steal user data.
  • Gain unauthorized access to secure Wi-Fi networks: Attackers can join password-protected networks without needing the password, putting devices and data at risk.

Affected devices:

  • CVE-2023-52160: Android devices using wpa_supplicant versions 2.10 and prior (requires specific configuration).
  • CVE-2023-52161: Linux devices using iNet Wireless Daemon versions 2.12 and lower (any network using a Linux access point).

Mitigation:

  • Update your Linux distribution and ChromeOS (version 118 or later).
  • Android fix not yet available, but manually configure CA certificate for any saved enterprise networks as a temporary workaround.

Exploitation:

  • Attacker needs SSID and physical proximity for CVE-2023-52160.
  • CVE-2023-52161 requires no special knowledge, affecting any vulnerable network.

Links:

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 17 points 8 months ago (1 children) 
UAP-AC-Lite-LR-BZ.6.6.55# which wpa_supplicant 
/usr/sbin/wpa_supplicant

UAP-AC-Lite-LR-BZ.6.6.55# /usr/sbin/wpa_supplicant -v
wpa_supplicant v2.10-devel
Copyright (c) 2003-2019, Jouni Malinen  and contributors`

Seems unifi devices are affected, no patch yet as far as I can tell.

[–] [email protected] 7 points 8 months ago (1 children)

The patch is likely going to have to come from Intel since they're the creators of IWD. I see that UniFi is running an older v2.10 module but it really doesn't matter as the CVE states that even 2.14 (which I think is the latest?) is vulnerable as well.

[–] [email protected] 5 points 8 months ago (1 children)

it's running wpa_supplicant, not iwd. It's vulnerable to the similar exploit in CVE-2023-52160 but the patch will likely have to come from unifi, as wpa_supplicant hasn't been updated in years as far as I know.

[–] [email protected] 2 points 8 months ago* (last edited 8 months ago) (1 children)

Help me clear my confusion on this.

According to Mitre CVE-2023-52160 only applies to "Enterprise" Networks, that is WiFi Networks using WPA2 / WPA3 with Radius. This CVE is the one that relies on wpa_supplicant.

Meanwhile CVE-2023-52161 works on "regular" networks, ones using WPA2 / WPA3 with PSK, and relies on a vulnerability in IWD.

So unless I'm missing something (which is very possible) 5160 doesn't apply to most people and SMBs because they are not using Radius. So unless YOU are using Radius on your UniFi gear this vulnerability doesn't apply.

The one that WOULD apply to most people is 5161 but your UniFi screenshot is showing wpa_supplicant and not IWD so according to mitre this one doesn't apply to you either.

What am I missing here?

[–] [email protected] 5 points 8 months ago* (last edited 8 months ago)

I just verified personally that it was present on unifi devices, since their docs weren't clear. We are a mostly cisco/aruba shop where I work, but a lot of my colleagues at smaller businesses/universities use radius with unifi access points. I imagine they are vulnerable to this.

You are correct though in assessing that homelab users and very small enterprise users are probably safe.