新的Wi-Fi漏洞使Android和Linux设备容易遭受黑客攻击

Cybersecurity researchers have identified two authentication bypass flaws in open-source Wi-Fi software found in Android, Linux, and ChromeOS devices that could trick users into joining a malicious clone of a legitimate network or allow an attacker to join a trusted network without a password.

网络安全研究人员发现了Android、Linux和ChromeOS设备中的开源Wi-Fi软件中的两个身份验证绕过漏洞，这可能会欺骗用户加入恶意克隆的合法网络，或者允许攻击者在不需要密码的情况下加入受信任的网络。

The vulnerabilities, tracked as CVE-2023-52160 and CVE-2023-52161, have been discovered following a security evaluation of wpa_supplicant and Intel's iNet Wireless Daemon (IWD), respectively.

这些漏洞被跟踪为CVE-2023-52160和CVE-2023-52161，是在对wpa_supplicant和英特尔的iNet Wireless Daemon（IWD）进行安全评估后发现的。

The flaws "allow attackers to trick victims into connecting to malicious clones of trusted networks and intercept their traffic, and join otherwise secure networks without needing the password," Top10VPN said in a new research conducted in collaboration with Mathy Vanhoef, who has previously uncovered Wi-Fi attacks like KRACK, DragonBlood, and TunnelCrack.

这些漏洞“允许攻击者欺骗受害者连接到信任网络的恶意克隆，并拦截其流量，以及在无需密码的情况下加入其他安全网络，”Top10VPN在与Mathy Vanhoef合作进行的最新研究中表示。Mathy Vanhoef此前曾揭示过类似KRACK、DragonBlood和TunnelCrack的Wi-Fi攻击。

CVE-2023-52161, in particular, permits an adversary to gain unauthorized access to a protected Wi-Fi network, exposing existing users and devices to potential attacks such as malware infections, data theft, and business email compromise (BEC). It impacts IWD versions 2.12 and lower.

特别是CVE-2023-52161允许对手未经授权地访问受保护的Wi-Fi网络，使现有用户和设备面临潜在的攻击风险，如恶意软件感染、数据窃取和商业电子邮件妥协（BEC）。该漏洞影响IWD版本2.12及更低版本。

On the other hand, CVE-2023-52160 affects wpa_supplicant versions 2.10 and prior. It's also the more pressing of the two flaws owing to the fact that it's the default software used in Android devices to handle login requests to wireless networks.

另一方面，CVE-2023-52160影响的是wpa_supplicant版本2.10及更早版本。这是两个漏洞中更紧迫的问题，因为它是Android设备中处理无线网络登录请求的默认软件。

That said, it only impacts Wi-Fi clients that aren't properly configured to verify the certificate of the authentication server. CVE-2023-52161, however, affects any network that uses a Linux device as a wireless access point (WAP).

然而，它只影响未正确配置以验证认证服务器证书的Wi-Fi客户端。然而，CVE-2023-52161影响任何使用Linux设备作为无线访问点（WAP）的网络。

Successful exploitation of CVE-2023-52160 banks on the prerequisite that the attacker is in possession of the SSID of a Wi-Fi network to which the victim has previously connected. It also requires the threat actor to be in physical proximity to the victim.

成功利用CVE-2023-52160的前提是攻击者拥有受害者先前连接过的Wi-Fi网络的SSID。同时还需要威胁行为者与受害者在物理上接近。

"One possible such scenario might be where an attacker walks around a company's building scanning for networks before targeting an employee leaving the office," the researchers said.

"可能的一种场景是攻击者在公司建筑周围走动，扫描网络，然后针对离开办公室的员工进行攻击。"

Major Linux distributions such as Debian (1, 2), Red Hat (1), SUSE (1, 2), and Ubuntu (1, 2) have released advisories for the two flaws. The wpa_supplicant issue has also been addressed in ChromeOS from versions 118 and later, but fixes for Android are yet to be made available.

主要Linux发行版，如Debian、Red Hat、SUSE和Ubuntu，已发布了针对这两个漏洞的警报。wpa_supplicant问题也已在ChromeOS的118版本及更高版本中解决，但Android的修复措施尚未提供。

"In the meantime, it's critical, therefore, that Android users manually configure the CA certificate of any saved enterprise networks to prevent the attack," Top10VPN said.

"因此，目前至关重要的是，Android用户手动配置任何保存的企业网络的CA证书，以防止攻击。"

原文始发于微信公众号（知机安全）：新的Wi-Fi漏洞使Android和Linux设备容易遭受黑客攻击