New Wi-Fi Vulnerability Allows Network Eavesdropping via Downgrade Attacks

May 16, 2024 · Newsroom · Vulnerability / Network Security


Researchers have discovered a new security vulnerability stemming from a design flaw in the IEEE 802.11 Wi-Fi standard that lets an attacker trick victims into connecting to a less secure wireless network and eavesdrop on their network traffic.

The SSID Confusion attack, tracked as CVE-2023-52424, impacts all operating systems and Wi-Fi clients, including home and mesh networks that are based on the WEP, WPA3, 802.1X/EAP, and AMPE protocols.

The technique “involves downgrading victims to a less secure network by spoofing a trusted network name (SSID) so they can intercept their traffic or carry out further attacks,” said Top10VPN, which collaborated with KU Leuven professor and researcher Mathy Vanhoef on the research.

“A successful SSID Confusion attack also causes any VPN with the functionality to auto-disable on trusted networks to turn itself off, leaving the victim’s traffic exposed.”


The issue underpinning the attack is that the Wi-Fi standard does not require the network name (SSID, or service set identifier) to always be authenticated, and that security measures are only required when a device opts to join a particular network.

The net effect of this behavior is that an attacker can deceive a client into connecting to an untrusted Wi-Fi network other than the one it intended to connect to by staging an adversary-in-the-middle (AitM) attack.

“In our attack, when the victim wants to connect to the network TrustedNet, we trick it into connecting to a different network WrongNet that uses similar credentials,” researchers Héloïse Gollier and Vanhoef outlined. “As a result, the victim’s client will think, and show the user, that it is connected to TrustedNet, while in reality it is connected to WrongNet.”

In other words, even though passwords or other credentials are mutually verified when connecting to a protected Wi-Fi network, there is no guarantee that the user is connecting to the network they intended to.

There are certain prerequisites to pulling off the downgrade attack:

  • The victim wants to connect to a trusted Wi-Fi network
  • There is a rogue network available with the same authentication credentials as the first
  • The attacker is within range to perform an AitM between the victim and the trusted network

Proposed mitigations to counter SSID Confusion include an update to the 802.11 Wi-Fi standard that incorporates the SSID into the 4-way handshake when connecting to protected networks, as well as improvements to beacon protection that let a “client [to] store a reference beacon containing the network’s SSID and verify its authenticity during the 4-way handshake.”
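The following Python simulation is an added illustration of the two points above (the SSID not being authenticated by the handshake, and the proposed fix of binding it into the 4-way handshake); it is not code from the paper, from Top10VPN, or from any Wi-Fi stack. It assumes constructed values throughout: fixed MAC addresses and nonces, a simplified counter-mode KDF in the style of the 802.11 KDF, and a toy hash-of-credential PMK as a stand-in for schemes whose PMK does not depend on the SSID (WPA3-SAE, 802.1X/EAP). One fact it relies on that the article does not spell out: WPA/WPA2-Personal derives the PMK with PBKDF2 using the SSID as salt, which is why the same passphrase on a differently named network cannot complete the handshake, and why WPA2-PSK is absent from the list of affected protocols. The "bind_ssid" switch models the proposed standard change by mixing the SSID into the PTK derivation; the real proposal would carry it as an authenticated handshake element, but the effect on the MIC check is the same.

```python
import hashlib
import hmac
from typing import Optional

# Constructed sample values; nothing here is taken from the paper or a real network.
TRUSTED_SSID = "TrustedNet"      # the network the client believes it is joining
WRONG_SSID = "WrongNet"          # the network the AitM actually relays it to
PASSPHRASE = "correct horse battery staple"   # credential reused on both networks
AA = bytes.fromhex("020000000001")   # authenticator (AP) MAC, constructed
SPA = bytes.fromhex("020000000002")  # supplicant (client) MAC, constructed
ANONCE = bytes(range(32))            # fixed nonces so the run is reproducible
SNONCE = bytes(range(32, 64))


def kdf_sha256(key: bytes, label: bytes, context: bytes, length: int) -> bytes:
    """Counter-mode KDF in the style of IEEE 802.11 KDF-Hash-Length (simplified)."""
    out = b""
    for i in range(1, -(-length // 32) + 1):
        msg = i.to_bytes(2, "little") + label + context + (length * 8).to_bytes(2, "little")
        out += hmac.new(key, msg, hashlib.sha256).digest()
    return out[:length]


def wpa2_psk_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA/WPA2-Personal PMK: PBKDF2-HMAC-SHA1(passphrase, SSID, 4096, 32).
    The SSID is the salt, so the same passphrase on another SSID yields another PMK."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def ssid_independent_pmk(credential: str) -> bytes:
    """Toy stand-in for schemes whose PMK does not depend on the SSID (SAE, EAP).
    Assumption for illustration only; this is not the real SAE or EAP key schedule."""
    return hashlib.sha256(b"toy-pmk|" + credential.encode()).digest()


def derive_ptk(pmk: bytes, ssid: Optional[str]) -> bytes:
    """4-way handshake PTK (KCK|KEK|TK). ssid=None models today's standard, where the
    SSID is not bound; passing the SSID models the proposed fix."""
    context = min(AA, SPA) + max(AA, SPA) + min(ANONCE, SNONCE) + max(ANONCE, SNONCE)
    if ssid is not None:
        context += ssid.encode()
    return kdf_sha256(pmk, b"Pairwise key expansion", context, 48)


def handshake_completes(client_pmk: bytes, client_ssid: str,
                        ap_pmk: bytes, ap_ssid: str, bind_ssid: bool) -> bool:
    """Message 3 carries a MIC under the AP's KCK; the client accepts only if its
    own KCK reproduces it. Returns True when the handshake would complete."""
    ap_kck = derive_ptk(ap_pmk, ap_ssid if bind_ssid else None)[:16]
    client_kck = derive_ptk(client_pmk, client_ssid if bind_ssid else None)[:16]
    msg3 = b"EAPOL-Key msg3|" + ANONCE        # constructed stand-in for the frame body
    mic = hmac.new(ap_kck, msg3, hashlib.sha256).digest()[:16]
    expected = hmac.new(client_kck, msg3, hashlib.sha256).digest()[:16]
    return hmac.compare_digest(mic, expected)


def scenarios() -> dict:
    """Client intends TrustedNet; the AP it actually reaches is WrongNet, same credential."""
    return {
        # WPA2-PSK: PMK differs because the SSID salts PBKDF2, so WrongNet cannot finish.
        "wpa2_psk": handshake_completes(
            wpa2_psk_pmk(PASSPHRASE, TRUSTED_SSID), TRUSTED_SSID,
            wpa2_psk_pmk(PASSPHRASE, WRONG_SSID), WRONG_SSID, bind_ssid=False),
        # SSID-independent PMK, current standard: handshake completes -> SSID Confusion.
        "ssid_independent_unbound": handshake_completes(
            ssid_independent_pmk(PASSPHRASE), TRUSTED_SSID,
            ssid_independent_pmk(PASSPHRASE), WRONG_SSID, bind_ssid=False),
        # Same PMK, proposed fix: SSID mismatch breaks the MIC and the client refuses.
        "ssid_independent_bound": handshake_completes(
            ssid_independent_pmk(PASSPHRASE), TRUSTED_SSID,
            ssid_independent_pmk(PASSPHRASE), WRONG_SSID, bind_ssid=True),
        # Proposed fix with an honest AP: still works.
        "ssid_independent_bound_honest": handshake_completes(
            ssid_independent_pmk(PASSPHRASE), TRUSTED_SSID,
            ssid_independent_pmk(PASSPHRASE), TRUSTED_SSID, bind_ssid=True),
    }


if __name__ == "__main__":
    for name, ok in scenarios().items():
        print(f"{name:30} handshake {'completes' if ok else 'fails'}")
```

Only the second scenario completes: with an SSID-independent PMK and an unbound handshake, the client's MIC check passes against WrongNet exactly as it would against TrustedNet, which is the condition the attack exploits. Binding the SSID (or, for WPA2-Personal, salting the PMK with it) turns the mismatch into a failed handshake.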

Beacons are management frames that a wireless access point transmits periodically to announce its presence. They contain information such as the SSID, the beacon interval, and the network’s capabilities, among other things.


“Networks can mitigate the attack by avoiding credential reuse across SSIDs,” the researchers said. “Enterprise networks should use distinct RADIUS server CommonNames, while home networks should use a unique password per SSID.”

The findings come nearly three months after two authentication bypass flaws were disclosed in open-source Wi-Fi software such as wpa_supplicant and Intel’s iNet Wireless Daemon (IWD) that could deceive users into joining a malicious clone of a legitimate network or allow an attacker to join a trusted network without a password.

Last August, Vanhoef also revealed that the Windows client for Cloudflare WARP could be tricked into leaking all DNS requests, effectively allowing an adversary to spoof DNS responses and intercept nearly all traffic.
