Author Topic: WPA3 Wi-Fi Standard Affected by New Dragonblood Vulnerabilities  (Read 373 times)

Online javajolt

  • Administrator
  • Hero Member
  • *****
  • Posts: 35127
  • Gender: Male
  • I Do Windows
    • windows10newsinfo.com
Security researchers discovered new vulnerabilities in the WPA3-Personal protocol which allow potential attackers to crack Wi-Fi network passwords and get access to the encrypted network traffic exchanged between the connected devices.

According to a press release from the Wi-Fi Alliance, the devices impacted by these security vulnerabilities in the WPA3 Wi-Fi standard "allow the collection of side-channel information on a device running an attacker’s software, do not properly implement certain cryptographic operations, or use unsuitable cryptographic elements."

WPA3 uses Wi-Fi Device Provisioning Protocol (DPP) instead of shared passwords to sign up new devices to the network, a protocol that allows users to scan QR codes or NFC tags to log devices onto the wireless network. Additionally, unlike WPA2, all network traffic will be encrypted after connecting to a network that uses WPA3 WiFi Security.

The WPA3-Personal protocol replaces the Pre-shared Key (PSK) in WPA2-Personal with Simultaneous Authentication of Equals (SAE) to provide more robust password-based authentication.

While the WPA3-Personal was designed to substitute the less secure 14-year-old WPA2, the newer protocol's Simultaneous Authentication of Equals (SAE) handshake—also known as Dragonfly—seems to be plagued by a number of underlying design flaws which expose users to password partitioning attacks as discovered by researchers.

Dragonblood attacks can be used to steal sensitive information

"These attacks resemble dictionary attacks and allow an adversary to recover the password by abusing timing or cache-based side-channel leaks. Our sidechannel attacks target the protocol’s password encoding method" said Mathy Vanhoef (NYUAD) and Eyal Ronen (Tel Aviv University & KU Leuven) in their research paper.

The researchers also mention on the website dedicated to the analysis of the attacks against WPA3's Dragonfly handshake that "This can be abused to steal sensitive transmitted information such as credit card numbers, passwords, chat messages, emails, and so on."

As explained in the abstract of the research paper, "The resulting attacks are efficient and low cost: brute-forcing all 8-character lowercase password requires less than 125$in Amazon EC2 instances."

Since the Dragonfly handshake is used by Wi-Fi networks that require usernames and passwords for access control, it is also used by the EAP-pwd protocol which makes all the Dragonblood attacks found to impact WPA3-Personal ready to be used against EAP-pwd.

"Moreover, we also discovered serious bugs in most products that implement EAP-pwd. These allow an adversary to impersonate any user, and thereby access the Wi-Fi network, without knowing the user's password," state the two researchers, "Although we believe that EAP-pwd is used fairly infrequently, this still poses serious risks for many users, and illustrates the risks of incorrectly implementing Dragonfly."


Dictionary attack against WPA3-SAE

The researcher also found KRACK WPA2 vulnerability

The flaws found within WPA3-Personal are of two types, side-channel leaks, and downgrade attacks, and they both can be used by potential attackers to find the Wi-Fi network's password. More detailed information on each type of attack users are exposed to on wireless networks which employ vulnerable implementations of WPA3-Personal is available HERE.

source
« Last Edit: August 19, 2021, 01:36:17 PM by javajolt »