‘Devastating' Dragonblood flaws discovered in WPA3 protocol

Researchers say these attacks could've been avoided if the Wi-Fi Alliance was more open when creating WPA3

A blood-red dragonfly to depict the WPA3 protocol vulnerabilities

The recently-launched WPA3 standard for Wi-Fi networks has a number of exploitable flaws that could allow an attacker to recover network passwords and steal information.

Researchers have outlined five "efficient and low cost" attacks that can be exploited to recover Wi-Fi network passwords, launch resource consumption attacks or force devices into using weaker security settings.

Advertisement - Article continues below

Despite safeguards in WPA3 to prevent brute force attacks, an attacker could still recover network passwords if they are within range and at little cost, according to two security researchers Mathy Vanhoef and Eyal Ronen in their academic paper. They have also launched a site dedicated to these vulnerabilities.

The Wi-Fi Alliance launched the Wi-Fi Protected Access 3 certification, or WPA3, in June 2018 as a means of protecting a wider range of devices against hacks, while making it easier for end-users to implement new technology.

Given the WPA2 standard has been in force since 2004, the need for a next-gen iteration was long overdue. The new standard has since been adopted by a host of companies including Intel Qualcomm, Huawei and Cisco.

The researchers prescribed a handful of these vulnerabilities 'Dragonblood' in light of the added security that WPA3 offers - commonly known as the Dragonfly handshake. This Simultaneous Authentication of Equals (SAE) handshake is supposed to protect users by making password cracking near-impossible.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

Another WPA3 attack category dubbed a Downgrade Attack specifically targets a backward compatibility mechanism in which a Wi-Fi network supports the usage of both WPA3 and WPA2 with an identical password.

An attacker, in this context, can create a rogue network and force clients that support WPA3 into connecting to WPA2, which is far more easily breached than the next-gen standard.

"WPA3-Personal is in the early stages of deployment, and the small number of device manufacturers that are affected have already started deploying patches to resolve the issues," the Wi-Fi Alliance said in a statement.

"These issues can all be mitigated through software updates without any impact on devices' ability to work well together. There is no evidence that these vulnerabilities have been exploited.

"As with any technology, robust security research that pre-emptively identifies potential vulnerabilities is critical to maintaining strong protections."

The flaws that factor into the Dragonblood category include a security group downgrade attack, a timing-based side-channel attack, a cache-based side-channel attack and a denial of service attack.

Advertisement - Article continues below

The side-channel attacks, alarmingly, can be executed by brute-forcing all 8-character lowercase passwords using as little as $125 of virtual server space, the researchers added.

Despite these flaws, they added, WPA3 still poses a better means to protect users from attacks against WPA2. They did, however, criticise the Wi-Fi Alliance for the way in which it developed the new standard.

"We believe that WPA3 does not meet the standards of a modern security protocol," the researchers said. "Moreover, we believe that our attacks could have been avoided if the Wi-Fi Alliance created the WPA3 certification in a more open manner.

"Notable is also that nearly all of our attacks are against SAE's password encoding method, i.e., against its hash-to-group and hash-to-curve algorithm. Interestingly, a simple change to this algorithm would have prevented most of our attacks."

Featured Resources

Preparing for long-term remote working after COVID-19

Learn how to safely and securely enable your remote workforce

Download now

Cloud vs on-premise storage: What’s right for you?

Key considerations driving document storage decisions for businesses

Download now

Staying ahead of the game in the world of data

Create successful marketing campaigns by understanding your customers better

Download now

Transforming productivity

Solutions that facilitate work at full speed

Download now
Advertisement
Advertisement

Recommended

Visit/security/ransomware/356292/university-of-california-gets-fleeced-by-hackers-for-114-million
ransomware

University of California gets fleeced by hackers for $1.14 million

30 Jun 2020
Visit/security/cyber-security/356289/australia-announces-135b-investment-in-cybersecurity
cyber security

Australia announces $1.35 billion investment in cyber security

30 Jun 2020
Visit/cloud/cloud-security/356288/csa-and-issa-form-cybersecurity-partnership
cloud security

CSA and ISSA form cyber security partnership

30 Jun 2020
Visit/security/ethical-hacking/356252/poorly-secured-banking-apps-lead-to-cyber-threats
ethical hacking

Mobile banking apps are exposing user data to attackers

26 Jun 2020

Most Popular

Visit/mobile/google-android/356373/over-2-dozen-additional-android-apps-found-stealing-user-data
Google Android

Over two dozen Android apps found stealing user data

7 Jul 2020
Visit/laptops/29190/how-to-find-ram-speed-size-and-type
Laptops

How to find RAM speed, size and type

24 Jun 2020
Visit/cloud/356260/the-road-to-recovery
Sponsored

The road to recovery

30 Jun 2020