Windows 10 News and info | Forum
April 20, 2019, Loading... *
Welcome, Guest. Please login or register.

Login with username, password and session length
News: This is a clean Ad-free Forum and protected by StopForumSpam, Project Honeypot, Botscout and AbuseIPDB | This forum does not use audio ads, popups, or other annoyances. New member registration currently disabled.
 
  Website   Home   Windows 8 Website GDPR Help Login Register  
By continuing to use the site or forum, you agree to the use of cookies, find out more by reading our GDPR policy.
Pages: [1]
  Print  
Share this topic on Del.icio.usShare this topic on DiggShare this topic on FacebookShare this topic on GoogleShare this topic on MySpaceShare this topic on RedditShare this topic on StumbleUponShare this topic on TechnoratiShare this topic on TwitterShare this topic on YahooShare this topic on Google buzz
Author Topic: WPA3 Wi-Fi Standard Affected by New Dragonblood Vulnerabilities  (Read 9 times)
javajolt
Administrator
Hero Member
*****
Offline Offline

Gender: Male
United States United States

Posts: 29912


I Do Windows


WWW Email
« on: April 11, 2019, 01:41:00 PM »
ReplyReply

Security researchers discovered new vulnerabilities in the WPA3-Personal protocol which allow potential attackers to crack Wi-Fi network passwords and get access to the encrypted network traffic exchanged between the connected devices.

According to a press release from the Wi-Fi Alliance, the devices impacted by these security vulnerabilities in the WPA3 Wi-Fi standard "allow collection of side channel information on a device running an attacker’s software, do not properly implement certain cryptographic operations, or use unsuitable cryptographic elements."

WPA3 uses Wi-Fi Device Provisioning Protocol (DPP) instead of shared passwords to sign up new devices to the network, a protocol which allows users to scan QR codes or NFC tags to log devices onto the wireless network. Additionally, unlike WPA2, all network traffic will be encrypted after connecting to a network which uses WPA3 WiFi Security.

The WPA3-Personal protocol replaces the Pre-shared Key (PSK) in WPA2-Personal with Simultaneous Authentication of Equals (SAE) to provide more robust password-based authentication.

While the WPA3-Personal was designed to substitute the less secure 14-year-old WPA2, the newer protocol's Simultaneous Authentication of Equals (SAE) handshake—also known as Dragonfly—seems to be plagued by a number of underlying design flaws which expose users to password partitioning attacks as discovered by researchers.

Dragonblood attacks can be used to steal sensitive information

"These attacks resemble dictionary attacks and allow an adversary to recover the password by abusing timing or cache-based side-channel leaks. Our side channel attacks target the protocol’s password encoding method" said Mathy Vanhoef (NYUAD) and Eyal Ronen (Tel Aviv University & KU Leuven) in their research paper.

The researchers also mention on the website dedicated to the analysis of the attacks against WPA3's Dragonfly handshake that "This can be abused to steal sensitive transmitted information such as credit card numbers, passwords, chat messages, emails, and so on."

As explained in the abstract of the research paper, "The resulting attacks are efficient and low cost: brute-forcing all 8-character lowercase password requires less than 125$in Amazon EC2 instances."

Since the Dragonfly handshake is used by Wi-Fi networks which require usernames and password for access control, it is also used by the EAP-pwd protocol which makes all the Dragonblood attacks found to impact WPA3-Personal ready to be used against EAP-pwd.

"Moreover, we also discovered serious bugs in most products that implement EAP-pwd. These allow an adversary to impersonate any user, and thereby access the Wi-Fi network, without knowing the user's password," state the two researchers, "Although we believe that EAP-pwd is used fairly infrequently, this still poses serious risks for many users, and illustrates the risks of incorrectly implementing Dragonfly."


Dictionary attack against WPA3-SAE

Researchers also found KRACK WPA2 vulnerability

The flaws found within WPA3-Personal are of two types, side-channel leaks, and downgrade attacks, and they both can be used by potential attackers to find the Wi-Fi network's password. More detailed information on each type of attack users are exposed to on wireless networks which employ vulnerable implementations of WPA3-Personal is available HERE.

Vanhoef was also part of the research team which discovered the KRACK (short for key reinstallation attack) attacks affecting the WPA2 protocol that, at the time, impacted "all modern protected Wi-Fi networks."

The two researchers have also created and shared open source scripts designed to test some of the vulnerabilities they discovered in the WPA3-Personal protocol:

Quote
Dragonslayer: implements attacks against EAP-pwd (to be released shortly).

Dragondrain: this tool can be used to test to which extend an Access Point is vulnerable to denial-of-service attacks against WPA3's SAE handshake.

Dragontime: this is an experimental tool to perform timing attacks against the SAE handshake if MODP group 22, 23, or 24 is used. Note that most WPA3 implementations by default do not enable these groups.

Dragonforce: this is an experimental tool which takes the information to recover from our timing or cache-based attacks, and performs a password partitioning attack. This is similar to a dictionary attack.

Security patches already being deployed by device manufacturers

The researchers conclude their "Dragonblood: A Security Analysis of WPA3’s SAE Handshake" paper by saying that "a more open process would have prevented (or clarified) the possibility of downgrade attacks against WPA3-Transition mode. Nevertheless, although WPA3 has its flaws, we still consider it an improvement over WPA2."

The Wi-Fi Alliance press release says that "These issues can all be mitigated through software updates without any impact on devices’ ability to work well together. There is no evidence that these vulnerabilities have been exploited" and "device manufacturers that are affected have already started deploying patches to resolve the issue."

Additionally, all impacted vendors were notified of the WPA3 vulnerabilities by the WiFi Alliance, CERT/CC, and the researchers, with backward-compatible countermeasures being implemented with the help of Vanhoef and Ronen.
Logged



Pages: [1]
  Print  
 
Jump to:  

Powered by SMF 1.1.21 | SMF © 2017, Simple Machines

Google visited last this page April 12, 2019, 08:00:36 AM