What's new

News SSID Confusion attack, tracked as CVE-2023-52424

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!


Part of the Furniture
This one was inevitable - it's a design issue with 802.11 in general...

Researchers have discovered a new security vulnerability stemming from a design flaw in the IEEE 802.11 Wi-Fi standard that tricks victims into connecting to a less secure wireless network and eavesdrop on their network traffic.

The SSID Confusion attack, tracked as CVE-2023-52424, impacts all operating systems and Wi-Fi clients, including home and mesh networks that are based on WEP, WPA3, 802.11X/EAP, and AMPE protocols.

The method "involves downgrading victims to a less secure network by spoofing a trusted network name (SSID) so they can intercept their traffic or carry out further attacks," Top10VPN said, which collaborated with KU Leuven professor and researcher Mathy Vanhoef.

"A successful SSID Confusion attack also causes any VPN with the functionality to auto-disable on trusted networks to turn itself off, leaving the victim's traffic exposed."

The issue underpinning the attack is the fact that the Wi-Fi standard does not require the network name (SSID or the service set identifier) to always be authenticated and that security measures are only required when a device opts to join a particular network.

More here...

More here...

The IEEE 802.11 standard sometimes enables an adversary to trick a victim into connecting to an unintended or untrusted network with Home WEP, Home WPA3 SAE-loop. Enterprise 802.1X/EAP, Mesh AMPE, or FILS, aka an "SSID Confusion" issue. This occurs because the SSID is not always used to derive the pairwise master key or session keys, and because there is not a protected exchange of an SSID during a 4-way handshake.

According to the article not too hard to mitigate this.
Networks can mitigate the attack by avoiding credential reuse across SSIDs," the researchers said. "Enterprise networks should use distinct RADIUS server CommonNames, while home networks should use a unique password per SSID.
So, you left out WPA2. Is it not affected?

So, I guess it is better to run both 2.4Ghz and 5Ghz on the same SSID if you want roaming?

WPA2 would be at risk as well...

Here's the deal though - the "alternate" SSID has to have the same credentials as the primary SSID - this is the issue... so if you protect your passwork/passphrase, you're ok...

Having multiple AP's with the same SSID across bands - not at risk - remember, an SSID identifies a network period, it doesn't take things down to a BSSID level at the radio...

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!