WiFi Vulnerability Threatens Android Users

Hackers can now create clones of WiFi hotspots and intercept data, as well as enable unauthorized access to protected home Wi-Fi networks and expose devices and data. These methods are the result of new WiFi vulnerabilities that can put billions of Android users at risk.

According to Cybernews, the first security flaw affects “wpa_supplicant,” an open-source software implementation of security mechanisms for wireless networks, like WPA (WiFi Protected Access). They report that WiFi networks that are using the Enterprise mode of WPA2/3 are at risk, meaning there are 2.3 billion Android users worldwide who could be affected by this vulnerability. This open-source implementation is also found in almost all Linux devices and ChromeOS, used in Chromebooks.

The researchers explain: “This vulnerability allows malicious actors to trick their victim into automatically connecting to a malicious clone of a trusted WiFi network in order to intercept their traffic. Furthermore, since the attack requires no action by the victim, it’s likely the victim would be unaware they had been targeted.”

The flaw affects the implementation of PEAP (Protected Extensible Authentication Protocol), a security protocol used to secure WiFi networks. If the target device has not been properly configured to verify the authentication server, attackers can simply skip the second phase of authentication.

This vulnerability was reported to vendors and has since been patched. The fix is available in their public code repositories, so users should update their software. Unfortunately, Cybernews reports that Android users must wait for a new Android security update that includes the wpa_supplicant patch.

In the meantime, the researchers state it is critical that Android users manually configure the CA certificate of any saved Enterprise networks to prevent a potential attack.
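A configuration audit for the CA certificate step above, as an added example that is not from Cybernews, the researchers or the wpa_supplicant project: it reads a wpa_supplicant.conf as used on Linux devices and flags saved Enterprise networks that do not verify the authentication server. The sample file, SSIDs, paths and function names are constructed for illustration; the configuration keys are wpa_supplicant's own.

```python
import re
# Constructed sample wpa_supplicant.conf, not taken from a real device.
SAMPLE_CONF = '''
network={
    ssid="corp-wifi"
    key_mgmt=WPA-EAP
    eap=PEAP
    phase2="auth=MSCHAPV2"
}
network={
    ssid="corp-wifi-pinned"
    key_mgmt=WPA-EAP
    eap=PEAP
    ca_cert="/etc/ssl/certs/corp-radius-ca.pem"
    domain_suffix_match="radius.example.com"
}
network={
    ssid="home"
    key_mgmt=WPA-PSK
}
'''
NETWORK_BLOCK = re.compile(r"network\s*=\s*\{(.*?)\n\s*\}", re.S)
NAME_CHECKS = ("domain_suffix_match", "domain_match", "subject_match", "altsubject_match")

def parse_block(body):
    """Return the key=value settings of one network block as a dict."""
    settings = {}
    for line in map(str.strip, body.splitlines()):
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            settings[key.strip()] = value.strip().strip('"')
    return settings

def audit(conf_text):
    """Return (ssid, problem) pairs for Enterprise networks that skip server verification."""
    findings = []
    for match in NETWORK_BLOCK.finditer(conf_text):
        net = parse_block(match.group(1))
        if "EAP" not in net.get("key_mgmt", "") and "eap" not in net:
            continue  # PSK or open network, no authentication server involved
        ssid = net.get("ssid", "<no ssid>")
        if not (net.get("ca_cert") or net.get("ca_path")):
            findings.append((ssid, "no CA certificate, server is not verified"))
        elif not any(net.get(k) for k in NAME_CHECKS):
            findings.append((ssid, "CA set but no server name constraint"))
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_CONF))
```

Only the first sample network is reported: it is a PEAP profile with no `ca_cert`, which is the unverified-server configuration the article describes.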