Unveiling New Vulnerabilities in Wi-Fi Security Protocols

Ghazali
8 min read · Feb 25, 2024


Executive Summary

This report presents an analysis of two newly discovered vulnerabilities in open-source Wi-Fi software.

These vulnerabilities could potentially allow attackers to deceive victims into connecting to malicious duplicates of trusted networks, intercept their traffic, and gain unauthorized access to secure networks without requiring a password.

The vulnerabilities were identified in collaboration with the seasoned security researcher, Mathy Vanhoef.

The details of these vulnerabilities are being disclosed now that they have been patched and updated.

Key Findings

  1. Nature of Vulnerabilities: The vulnerabilities enable two types of authentication bypass attacks on modern WPA2/3 networks: one affecting users connecting to Enterprise Wi-Fi networks, and the other impacting existing home Wi-Fi networks.
  2. Affected Software: The vulnerabilities were found in ‘wpa_supplicant’ and Intel’s ‘iNet Wireless Daemon (IWD)’, both of which are open-source wireless network management software.
  3. Affected Platforms: The vulnerabilities affect all Android devices and Linux distributions using the default Wi-Fi client, ChromeOS devices (wpa_supplicant), and numerous Linux distributions (IWD).
  4. Impact: The vulnerabilities allow an attacker to deceive a victim into connecting to a malicious duplicate of an Enterprise Wi-Fi network and intercept their traffic (wpa_supplicant). They also enable an adversary to gain unauthorized access to a protected home Wi-Fi network, thereby exposing existing users and devices to potential attacks (IWD).
  5. Identifiers: The vulnerabilities have been assigned the identifiers CVE-2023-52160 (wpa_supplicant) and CVE-2023-52161 (IWD).

Detailed Analysis

In collaboration with Professor Vanhoef, we identified significant security flaws in two instances of widely used open-source Wi-Fi software, leaving users vulnerable to traffic interception and other attacks.

The first attack targets users connecting to an Enterprise Wi-Fi network, while the second is an attack on an existing home network.

Our objective in publishing this research is to enhance the standard of wireless network security by identifying serious software vulnerabilities, facilitating their patching by vendors, and ensuring public awareness.

We also aim to increase public understanding of the risks associated with using shared networks and provide advice on protective measures.

Affected Devices

The vulnerability in wpa_supplicant v2.10 and lower (CVE-2023-52160) is of particular concern as this software is the default for handling login requests to wireless networks on Android devices.

Given the global user base of 2.3 billion Android users, this vulnerability could have widespread implications.

The wpa_supplicant software is also prevalent in almost all Linux devices, as well as in ChromeOS, the operating system used in Chromebooks, which are widely used in educational settings.

While the wpa_supplicant vulnerability only affects Wi-Fi clients that fail to properly verify the certificate of the authentication server, recent studies indicate that this is often the case, especially with the affected devices.

The vulnerability in IWD v2.13 and lower (CVE-2023-52161) impacts fewer people as it’s Linux-only Wi-Fi software.

However, it affects everyone using IWD as an access point, as the vulnerability does not rely on any misconfiguration.

Developed by Intel, IWD is intended as a comprehensive connectivity solution for Linux and an eventual replacement for wpa_supplicant.

It is available in the official package managers of all major Linux distributions.

This report presents the findings of a security analysis of two Wi-Fi authentication vulnerabilities discovered by Mathy Vanhoef and Héloïse Gollier.

The vulnerabilities affect open-source Wi-Fi software used in various devices and operating systems, such as Android, Linux, and ChromeOS.

The report describes the nature, impact, and mitigation of the vulnerabilities, as well as the recommendations for users and vendors.

The first vulnerability (CVE-2023-52160) affects wpa_supplicant, the default Wi-Fi software in Android and most Linux devices, as well as ChromeOS.

It allows an attacker to bypass the mutual authentication process in Enterprise WPA2/3 networks and lure victims into connecting to malicious clones of trusted networks.

The attacker can then intercept and manipulate the victims’ internet traffic. The vulnerability can be exploited without any user interaction, as long as the attacker knows the SSID of the target network and is within range of the victim.

The second vulnerability (CVE-2023-52161) affects IWD, a newer Wi-Fi software developed by Intel and available in many Linux distributions.

It allows an attacker to join a protected Wi-Fi network without knowing the password, by skipping some steps of the 4-way handshake.

The attacker can then access the network resources and launch further attacks on the existing users and devices.

The vulnerability can be exploited when IWD is operating in Access Point mode, which is common for home Wi-Fi networks.

The vulnerabilities have been reported to the vendors and patched in the latest versions of the software.

Users are advised to update their devices and software as soon as possible to prevent the attacks.

However, some users may face delays or difficulties in obtaining the patches, depending on their operating system and distribution.

In particular, Android users may have to wait for several months or years before receiving the security update that includes the wpa_supplicant patch.

In the meantime, users can take some measures to reduce the risk of the attacks.

For the wpa_supplicant vulnerability, users should manually configure the CA certificate of any saved Enterprise networks or use tools such as CAT or TOFU to securely connect to the networks.

Users should also delete any unused Enterprise networks and disable automatic reconnection for any frequently used networks.

For the IWD vulnerability, users should avoid using IWD as an Access Point, or switch to another Wi-Fi software if possible.

Additionally, users should always use a VPN when connecting to public Wi-Fi networks, as this will encrypt their internet traffic and prevent interception by attackers.

Users should also be aware of the other types of attacks that can arise from these or any future vulnerabilities, such as malware infections, ransomware attacks, business email compromise, password theft, etc.

Users should follow the best practices of Wi-Fi security and stay informed of the latest developments and updates.

For a comprehensive technical analysis and all relevant background, please refer to the report titled “Bypassing Wi-Fi Authentication in Modern WPA2/3 Networks” authored by Mathy Vanhoef and Héloïse Gollier.

Video Demonstration of Attacks

A demonstration of the Wi-Fi authentication vulnerabilities in wpa_supplicant and IWD is provided by Prof. Vanhoef.

Vulnerability in wpa_supplicant

Prof. Vanhoef, in collaboration with Ms. Gollier, identified a flaw in the implementation of PEAP.

This flaw allows an attacker to bypass the second phase of authentication when the target device has not been correctly configured to verify the authentication server.

It is important to note that PEAP is the most common authentication method for Enterprise networks.

Vulnerable PEAPv1 code in wpa_supplicant

The vulnerability lies in the flawed implementation of PEAP in wpa_supplicant.

By bypassing Phase-2 authentication, an attacker can easily create a rogue clone of a trusted Wi-Fi network and deceive the victim into connecting, all without knowing their password.

Prerequisites for a Typical Attack

  1. The attacker needs to know the SSID of the target Enterprise WPA2/3 network.
  2. The attacker must be within range of their victim, who can be located anywhere, i.e., they don’t need to be in range of the network being impersonated during the attack.
  3. wpa_supplicant must be configured not to verify the authentication server’s TLS certificate.

These prerequisites are not particularly burdensome for an attack.

It is trivial to harvest SSIDs from around office buildings or to advertise popular Enterprise network names such as eduroam, Vodafone Homespot, TelenetWiFree, or Unitymedia WifiSpot, for example, and simply wait for an unsuspecting victim to connect.

The misconfiguration of wpa_supplicant is unfortunately a known issue on many systems.

Proper configuration is a manual process, whose confusing and tedious nature prompts many users to skip it.
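As an added example (written for this post, not code from wpa_supplicant or from the original report), the following script audits a wpa_supplicant.conf for Enterprise profiles that never verify the authentication server, which is the misconfiguration the PEAP bypass depends on. The sample configuration is constructed; the option names (`key_mgmt`, `ca_cert`, `ca_path`, `domain_match`, `domain_suffix_match`) are real wpa_supplicant.conf options.

```python
import re

# Constructed sample wpa_supplicant.conf: "eduroam" has no CA certificate and
# no server-name match, "corp-wifi" is hardened, "home" is PSK (out of scope).
SAMPLE_CONF = """
network={
    ssid="eduroam"
    key_mgmt=WPA-EAP
    eap=PEAP
    phase2="auth=MSCHAPV2"
}
network={
    ssid="corp-wifi"
    key_mgmt=WPA-EAP
    eap=PEAP
    ca_cert="/etc/ssl/certs/corp-ca.pem"
    domain_match="radius.example.org"
    phase2="auth=MSCHAPV2"
}
network={
    ssid="home"
    key_mgmt=WPA-PSK
    psk="example-passphrase"
}
"""

BLOCK_RE = re.compile(r"network=\{(.*?)\}", re.S)   # one network={...} block
OPT_RE = re.compile(r"^\s*(\w+)=(.*)$", re.M)       # option=value lines

def parse_networks(conf):
    """Return one {option: value} dict per network block, quotes stripped."""
    nets = []
    for body in BLOCK_RE.findall(conf):
        nets.append({k: v.strip().strip('"') for k, v in OPT_RE.findall(body)})
    return nets

def audit(conf):
    """SSIDs of WPA-EAP profiles that lack a trust anchor or a name match,
    i.e. profiles on which the authentication server is never verified."""
    unsafe = []
    for net in parse_networks(conf):
        akms = net.get("key_mgmt", "").split()
        if not any(a.startswith("WPA-EAP") for a in akms):
            continue  # PSK/SAE networks are not Enterprise profiles
        has_anchor = "ca_cert" in net or "ca_path" in net
        has_name = "domain_match" in net or "domain_suffix_match" in net
        if not (has_anchor and has_name):
            unsafe.append(net.get("ssid", "<no ssid>"))
    return unsafe
```

Running `audit` over a device's real configuration lists the saved Enterprise networks that should be fixed with a CA certificate and server-name match, or deleted, as the mitigation section above recommends.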

The resulting attack can be seen in the diagram below, where the Phase-2 authentication can be skipped by sending the EAP-TLV Success packet instead of starting Phase-2.

Once connected, the adversary can intercept and manipulate all internet traffic of the victim.

Details of exploit of wpa_supplicant vulnerability

Vulnerability in IWD

The vulnerability in IWD stems from its implementation of the 4-way handshake, which is used when connecting to any protected Wi-Fi network for the first time.

It is exploitable when IWD is operating in Access Point (AP) mode.

Vulnerable versions of IWD fail to check whether message 2 or message 4 of the handshake is the one expected next, i.e., they neither store nor verify what the next message in the handshake should be.

Instead, IWD simply accepts any message.

In the code snippet below, you can see that the vulnerability is in the function eapol_auth_key_handle, which is called whenever a 4-way handshake message is received by the AP.

Vulnerable code in IWD

In line 9, it checks whether the AP has already sent message 1 of the 4-way handshake, i.e., to verify that a handshake is in progress.

However, in lines 12–16, there is no check for whether the AP now expects message 2 or 4. Instead, whatever message arrives next is processed.

This means that when an attacker is connecting to an IWD network, they can skip message 2 and immediately send message 4 in order to gain full access to the network.

In the event of such an attack, IWD will still try to verify the MIC (Message Integrity Code) of the received message 4.

However, it falls back to using an all-zero PTK (Pairwise Transient Key), which is the default in the absence of a valid PTK derived on receipt of message 2, as that step has been skipped in this exploit.

In order for an attacker to exploit the vulnerability in IWD, they simply need to send a message 4 where the Message Integrity Code (MIC) is calculated using an all-zero Pairwise Transient Key (PTK).

This will be verified by IWD, thereby completing the handshake.

Subsequently, IWD will accept encrypted data frames from the attacker, which are also encrypted using the all-zero PTK.

This grants the attacker full access to the Wi-Fi network.
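As an added illustration (a toy model written for this post, not IWD's code), the following simulates the AP side of the 4-way handshake described above: the vulnerable handler only checks that message 1 was sent and verifies the MIC with whatever PTK it currently holds, which is all-zero until message 2 has been processed, while the patched handler also tracks which message it expects next and rejects anything else. The frame contents, the PTK derivation and the MIC construction (HMAC-SHA1 under the first 16 bytes of the PTK, truncated to 16 bytes) are simplifying assumptions of the model, not IWD's actual frame handling.

```python
import hashlib
import hmac

ZERO_PTK = bytes(48)  # KCK | KEK | TK, all zero: the AP's default before msg 2

def mic(ptk, body):
    """Toy MIC: HMAC-SHA1 under the KCK (first 16 bytes of PTK), truncated."""
    return hmac.new(ptk[:16], body, hashlib.sha1).digest()[:16]

def derive_ptk(snonce):
    # Toy stand-in for the real PTK PRF: 48 bytes derived from the client nonce.
    return hashlib.sha512(b"toy-ptk|" + snonce).digest()[:48]

class VulnerableAP:
    """Models the flaw: any handshake message is accepted once msg 1 is out."""
    def __init__(self):
        self.sent_msg1 = False
        self.ptk = ZERO_PTK
        self.complete = False
    def start(self):
        self.sent_msg1 = True  # AP sent message 1, handshake in progress

    def handle(self, msg_no, body, frame_mic):
        if not self.sent_msg1:
            return "rejected: no handshake in progress"
        if msg_no == 2:
            self.ptk = derive_ptk(body)  # msg 2 MIC check omitted in this toy
            return "msg2 ok"
        if msg_no == 4:
            # Verified with self.ptk, still all-zero if msg 2 never arrived.
            if hmac.compare_digest(mic(self.ptk, body), frame_mic):
                self.complete = True
                return "msg4 ok"
            return "rejected: bad MIC"
        return "rejected: unexpected message"

class PatchedAP(VulnerableAP):
    """Fix: remember which message is expected next and enforce the order."""
    def __init__(self):
        super().__init__()
        self.expected = None
    def start(self):
        super().start()
        self.expected = 2

    def handle(self, msg_no, body, frame_mic):
        if msg_no != self.expected:
            return "rejected: out-of-order message %s" % msg_no
        result = super().handle(msg_no, body, frame_mic)
        if result == "msg2 ok":
            self.expected = 4
        return result
```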

The diagram below illustrates an example of a successful attack where messages 2 and 3 are skipped, followed by the exchange of encrypted data frames.

This demonstrates the successful exploitation of the IWD vulnerability.

Example of successful exploit of IWD vulnerability


Source:

New WiFi Authentication Vulnerabilities Discovered (top10vpn.com)


Ghazali

Freelance Contributor: Cybersecurity, Generative AI, Data Governance and Technology.