February 15, 2024 at 09:51AM
New Wi-Fi authentication bypass vulnerabilities in open source software, discovered by Mathy Vanhoef and Heloise Gollier, pose threats to enterprise and home networks. The flaws affect wpa_supplicant and Intel’s iNet Wireless Daemon (IWD) software. Exploitation could lead to traffic interception and unauthorized access to Wi-Fi networks. Vendors have been notified and patches are available.
The newly discovered Wi-Fi authentication bypass vulnerabilities in open source software could expose enterprise and home networks to attacks. They were uncovered in wpa_supplicant and Intel’s iNet Wireless Daemon (IWD) software. The wpa_supplicant software is present in Android devices, a majority of Linux devices, and ChromeOS, while IWD impacts home and small business Wi-Fi networks. The paper describes the exploitation of these vulnerabilities, noting that no user interaction is required for an attacker to exploit the Wi-Fi clients. Impacted vendors have been informed, and Google has already patched the vulnerability for ChromeOS, with patches for Android and Linux also available. Mitigations are also available.