Network Security, Endpoint/Device Security

Downgrade attacks enabled by newly discovered Wi-Fi flaw

Wireless network and connection abstract data background with wifi symbol

Security researchers have identified a design flaw in the IEEE 802.11 Wi-Fi standard that could allow malicious actors to trick users into connecting to less secure networks, The Hacker News reports.

Click for more special coverage

The vulnerability, which TopVPN researchers named the "SSID Confusion" attack and is tracked as CVE-2023-52424, affects all operating systems and Wi-Fi clients, including those using WEP, WPA3, 802.11X/EAP, and AMPE protocols.

Attackers can exploit this flaw by spoofing a trusted network name to downgrade victims to a less secure network, allowing them to perform adversary-in-the-middle attacks and intercept network traffic. As a result, any VPNs that automatically disable on trusted networks may turn off, leaving user traffic exposed. This issue arises because the Wi-Fi standard does not mandate authentication of the SSID, meaning devices can be misled into connecting to rogue networks with similar credentials.

Potential mitigation measures include updating the 802.11 standard to authenticate SSIDs during the 4-way handshake and enhancing beacon protection to verify SSID authenticity. Additionally, using unique credentials for different SSIDs can help prevent such attacks, the researchers said.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.