1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • This devious Wi-Fi security flaw could let hackers eavesdrop on y

    From TechnologyDaily@1337:1/100 to All on Fri May 17 21:00:08 2024
    This devious Wi-Fi security flaw could let hackers eavesdrop on your network with ease

    Date:
    Fri, 17 May 2024 20:53:38 +0000

    Description:
    SSID Confusion makes the victim device connect to the wrong network - where the passing data can be viewed.

    FULL STORY ======================================================================

    Experts have identified a way to confuse your device when it tries to connect to a trusted Wi-Fi network. As a result, the device is instead connected to a rogue network, where threat actors can snoop in on network traffic and possibly even steal sensitive information passing through.

    A report from The Hacker News found the IEEE 802.11 Wi-Fi standard is vulnerable to a flaw tracked as CVE-2023-52424.

    It affects all operating systems and all Wi-Fi clients, and home networks, mesh networks are all vulnerable, regardless of if they are based on WEP, WPA3, 802.11X/EAP, or AMPE protocols. Conditions and prerequisites

    The researchers explained that by spoofing a trusted network name (SSID), the attackers can essentially downgrade the victim to a less secure network.

    "A successful SSID Confusion attack also causes any VPN with the
    functionality to auto-disable on trusted networks to turn itself off, leaving the victim's traffic exposed, the researchers added.

    CVE-2023-52424 revolves around the idea that SSIDs arent always
    authenticated, and security measures kick in only when a device requests joining a specific network.

    In our attack, when the victim wants to connect to the network TrustedNet, we trick it into connecting to a different network WrongNet that uses similar credentials," the researchers explained. "As a result, the victim's client will think, and show the user, that it is connected to TrustedNet, while in reality it is connected to WrongNet."

    Before the attack can be successful, the victim needs to meet a few conditions, though, including wanting to connect to a trusted network, having a separate network with the same authentication credentials available, and
    the attacker being in range to perform an Attacker-in-the-middle attack between the victim and the trusted network.

    The easiest way to address SSID Confusion attacks is to update to the 802.11 Wi-Fi standard, the researchers concluded. More from TechRadar Pro Wi-Fi software found in many major laptops and smartphones has a major security
    flaw here's what you need to know Here's a list of the best firewalls today These are the best endpoint protection tools right now



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/this-devious-wi-fi-security-flaw-could- let-hackers-eavesdrop-on-your-network-with-ease


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)