CVE-2024-20153
📋 TL;DR
This vulnerability allows attackers to spoof Wi-Fi access point SSIDs, tricking client devices into connecting to malicious networks. This affects devices with MediaTek Wi-Fi chipsets in STA (station/client) mode, potentially exposing network traffic to interception without user interaction.
💻 Affected Systems
- MediaTek Wi-Fi chipsets in STA mode
📦 What is this software?
Android by Google
Yocto by Linuxfoundation
⚠️ Risk & Real-World Impact
Worst Case
Complete interception of all network traffic, credential theft, man-in-the-middle attacks on encrypted connections, and installation of malware through network redirection.
Likely Case
Selective traffic interception, session hijacking, and credential harvesting from unencrypted or weakly encrypted connections.
If Mitigated
Limited impact if strong network encryption (WPA3) is used and certificate validation is enforced, though some metadata leakage may still occur.
🎯 Exploit Status
Exploitation requires proximity to target device and ability to broadcast Wi-Fi signals. No authentication or user interaction needed.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Firmware patches ALPS08990446 / ALPS09057442
Vendor Advisory: https://corp.mediatek.com/product-security-bulletin/January-2025
Restart Required: Yes
Instructions:
1. Contact device manufacturer for firmware updates.
2. Apply MediaTek-provided firmware patches.
3. Reboot device after patch installation.
🔧 Temporary Workarounds
- Disable automatic Wi-Fi connections (all platforms): Prevent devices from automatically connecting to remembered networks
- Use cellular data in untrusted environments (all platforms): Avoid Wi-Fi networks when in public or untrusted locations
🧯 If You Can't Patch
- Implement network segmentation to isolate vulnerable devices
- Deploy certificate pinning and strict TLS validation on all applications
🔍 How to Verify
Check if Vulnerable:
Check device specifications for MediaTek Wi-Fi chipset and firmware version against vendor advisory
Check Version:
Device-specific commands vary by manufacturer; typically in Settings > About Phone > Build Number
Verify Fix Applied:
Verify firmware version includes patch IDs ALPS08990446 or ALPS09057442
📡 Detection & Monitoring
Log Indicators:
- Multiple connection attempts to same SSID with different BSSIDs
- Unexpected network switching
Network Indicators:
- Rogue access points broadcasting legitimate SSIDs
- Unusual MAC addresses for known networks
SIEM Query:
Wireless logs showing STA connecting to AP with mismatched SSID/BSSID patterns
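The log and network indicators above can be expressed as detection logic. The following is an added example, not part of the vendor advisory: it flags associations to a known SSID through a BSSID missing from the AP inventory, and stations that see several distinct BSSIDs for one SSID in a short window. The log format, the `KNOWN_APS` inventory, the sample events and the thresholds are all constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed inventory (assumption): BSSIDs the organisation operates, per SSID.
KNOWN_APS = {"CorpNet": {"aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02"}}

# Constructed log format (assumption), not any vendor's real schema.
LINE_RE = re.compile(
    r'^(\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d) sta=([0-9a-fA-F:]{17}) '
    r'event=assoc ssid="([^"]*)" bssid=([0-9a-fA-F:]{17})$'
)

SAMPLE_LOG = [  # constructed sample events
    '2025-01-10T09:00:00 sta=02:00:00:00:00:10 event=assoc ssid="CorpNet" bssid=aa:bb:cc:00:00:01',
    '2025-01-10T09:01:00 sta=02:00:00:00:00:10 event=assoc ssid="CorpNet" bssid=DE:AD:BE:EF:00:01',
    '2025-01-10T09:02:00 sta=02:00:00:00:00:10 event=assoc ssid="CorpNet" bssid=aa:bb:cc:00:00:02',
    '2025-01-10T09:30:00 sta=02:00:00:00:00:11 event=assoc ssid="CorpNet" bssid=aa:bb:cc:00:00:02',
    '2025-01-10T09:31:00 sta=02:00:00:00:00:11 event=assoc ssid="CafeWifi" bssid=12:34:56:78:9a:bc',
    'truncated line without fields',
]

def parse(line):
    """Return (timestamp, sta, ssid, bssid), or None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, sta, ssid, bssid = m.groups()
    return datetime.fromisoformat(ts), sta.lower(), ssid, bssid.lower()

def detect(lines, known=KNOWN_APS, window=timedelta(minutes=5), max_bssids=3):
    """Flag associations to a known SSID via an unlisted BSSID, and stations
    that reach max_bssids distinct BSSIDs for one SSID inside the window."""
    alerts = []
    recent = defaultdict(list)  # (sta, ssid) -> [(timestamp, bssid), ...]
    for ts, sta, ssid, bssid in filter(None, map(parse, lines)):
        if ssid in known and bssid not in known[ssid]:
            alerts.append(("unknown_bssid", sta, ssid, bssid))
        hist = recent[(sta, ssid)]
        hist.append((ts, bssid))
        hist[:] = [(t, b) for t, b in hist if ts - t <= window]
        if len({b for _, b in hist}) >= max_bssids:
            alerts.append(("bssid_churn", sta, ssid, bssid))
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

Legitimate roaming between an organisation's own APs also changes the BSSID, so `max_bssids` and `window` need tuning per site, and the inventory check is the stronger of the two signals.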