SSID CONFUSION ATTACK LETS YOU REPLACE WI-FI NETWORK

A vulnerability in the IEEE 802.11 Wi-Fi standard has been uncovered by a group of researchers from the Catholic University of Leuven (KU Leuven) in Belgium. This architectural vulnerability, identified as CVE-2023-52424, allows attackers to manipulate the process of connecting to a wireless network. By exploiting it, attackers can deceive users into connecting to a network controlled by the attacker instead of the intended network. The issue affects authentication methods such as WPA3, WEP, EAP, AMPE, and FILS, while WPA1, WPA2, and FT remain unaffected.

The attack technique, known as SSID Confusion, bypasses the authentication methods that are supposed to protect the SSID network identifier. The vulnerability arises because the standard allows situations in which the SSID is never authenticated. Access points broadcast beacon frames carrying information about the network, including its SSID, and clients do not authenticate these frames in order to keep network discovery simple. This oversight opens the door for attackers to manipulate network connections.

For the attack to succeed, the attacker needs a situation in which the user initiates a connection to a specific wireless network while another network that uses the same connection credentials is nearby. The attacker must be within radio range of the victim to perform a Man-in-the-Middle (MITM) attack. No knowledge of the victim's credentials is required to execute this attack.

The attack involves creating a fake network (WrongNet) on a different channel, using an attacker-controlled access point (WrongAP), in order to intercept and manipulate communication between the victim and the legitimate network (TrustedNet). This multi-channel MITM attack is conducted in three stages. It starts with network discovery, where the attacker intercepts and modifies frames to deceive the victim into connecting to the fake network instead of the intended one. This manipulation tricks the victim's device into believing that the desired network is nearby when, in reality, it is connecting to the attacker's network.
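As an added illustration (not code from the researchers or from any real Wi-Fi stack), the snippet below parses the SSID and channel out of minimal, constructed beacon-frame bodies and applies the consistency check a client could run after connecting: if the access point it is actually associated with advertises a different SSID than the network the user selected, the WrongNet substitution becomes visible. The frame layout follows the 802.11 beacon body (8-byte timestamp, 2-byte interval, 2-byte capabilities, then tagged parameters); the network names come from the article.

```python
# Added illustration: minimal beacon-body parsing plus a post-connection
# SSID consistency check. Sample frames are constructed inline for the demo.
import struct

TAG_SSID = 0        # tagged parameter carrying the network name
TAG_DS_PARAMS = 3   # tagged parameter carrying the operating channel


def parse_beacon_body(body: bytes) -> dict:
    """Parse fixed fields and tagged parameters of an 802.11 beacon body."""
    if len(body) < 12:
        raise ValueError("beacon body too short")
    timestamp, interval, capab = struct.unpack_from("<QHH", body, 0)
    info = {"timestamp": timestamp, "interval": interval, "capab": capab,
            "ssid": None, "channel": None}
    pos = 12
    while pos + 2 <= len(body):
        tag, length = body[pos], body[pos + 1]
        value = body[pos + 2:pos + 2 + length]
        if len(value) != length:
            raise ValueError("truncated tagged parameter")
        if tag == TAG_SSID:
            info["ssid"] = value.decode("utf-8", errors="replace")
        elif tag == TAG_DS_PARAMS and length == 1:
            info["channel"] = value[0]
        pos += 2 + length
    return info


def build_beacon_body(ssid: str, channel: int) -> bytes:
    """Construct a minimal beacon body (sample data, not captured traffic)."""
    name = ssid.encode("utf-8")
    return (struct.pack("<QHH", 0, 100, 0x0411)
            + bytes([TAG_SSID, len(name)]) + name
            + bytes([TAG_DS_PARAMS, 1, channel]))


def ssid_mismatch(selected_ssid: str, beacon_body: bytes) -> bool:
    """True when a beacon heard on the link actually in use advertises a
    different SSID than the network the user chose. A client that keeps the
    user's selection and re-checks it against the connected AP's beacons
    notices that it ended up on WrongNet rather than TrustedNet."""
    return parse_beacon_body(beacon_body)["ssid"] != selected_ssid
```

Because beacons themselves are not authenticated, this check only raises the bar; the durable fix is to avoid reusing the same credentials across differently named networks.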
