Many of the most popular laptops and smartphones in use today could be vulnerable to two major security flaws that could result in identity theft, data exfiltration, business email compromise (BEC) and other risks, experts have warned.
This is according to cybersecurity researchers at Top10VPN and Mathy Vanhoef, who found two separate vulnerabilities - one tracked as CVE-2023-52160, and another tracked as CVE-2023-52161.
Patches available
While the vulnerabilities sound ominous, they’re not that easy to exploit. For the first one, the target’s Wi-Fi client needs to be configured not to verify the certificate of the authentication server. Furthermore, the attacker needs to know the SSID of the Wi-Fi network the victim usually connects to and needs to be close enough to be able to connect to it.
"One possible such scenario might be where an attacker walks around a company's building scanning for networks before targeting an employee leaving the office," the researchers explained.
CVE-2023-52161 was said to affect any network using a Linux device as a wireless access point.
Most Linux distributions (Debian, Red Hat, SUSE, Ubuntu), have all released patches, and so has ChromeOS. An Android fix is still pending.
"In the meantime, it's critical, therefore, that Android users manually configure the CA certificate of any saved enterprise networks to prevent the attack," Top10VPN said.
Via The Hacker News
More from TechRadar Pro
- Pretty much all Wi-Fi routers are vulnerable to attack, study finds
- Here's a list of the best firewalls around today
- These are the best endpoint security tools right now