‘Devastating' Dragonblood flaws discovered in WPA3 protocol

Researchers say these attacks could've been avoided if the Wi-Fi Alliance was more open when creating WPA3

A blood-red dragonfly to depict the WPA3 protocol vulnerabilities

The recently-launched WPA3 standard for Wi-Fi networks has a number of exploitable flaws that could allow an attacker to recover network passwords and steal information.

Researchers have outlined five "efficient and low cost" attacks that can be exploited to recover Wi-Fi network passwords, launch resource consumption attacks or force devices into using weaker security settings.

Despite safeguards in WPA3 to prevent brute force attacks, an attacker could still recover network passwords if they are within range and at little cost, according to two security researchers Mathy Vanhoef and Eyal Ronen in their academic paper. They have also launched a site dedicated to these vulnerabilities.

The Wi-Fi Alliance launched the Wi-Fi Protected Access 3 certification, or WPA3, in June 2018 as a means of protecting a wider range of devices against hacks, while making it easier for end-users to implement new technology.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

Given the WPA2 standard has been in force since 2004, the need for a next-gen iteration was long overdue. The new standard has since been adopted by a host of companies including Intel Qualcomm, Huawei and Cisco.

The researchers prescribed a handful of these vulnerabilities 'Dragonblood' in light of the added security that WPA3 offers - commonly known as the Dragonfly handshake. This Simultaneous Authentication of Equals (SAE) handshake is supposed to protect users by making password cracking near-impossible.

Another WPA3 attack category dubbed a Downgrade Attack specifically targets a backward compatibility mechanism in which a Wi-Fi network supports the usage of both WPA3 and WPA2 with an identical password.

An attacker, in this context, can create a rogue network and force clients that support WPA3 into connecting to WPA2, which is far more easily breached than the next-gen standard.

"WPA3-Personal is in the early stages of deployment, and the small number of device manufacturers that are affected have already started deploying patches to resolve the issues," the Wi-Fi Alliance said in a statement.

"These issues can all be mitigated through software updates without any impact on devices' ability to work well together. There is no evidence that these vulnerabilities have been exploited.

Advertisement - Article continues below

"As with any technology, robust security research that pre-emptively identifies potential vulnerabilities is critical to maintaining strong protections."

The flaws that factor into the Dragonblood category include a security group downgrade attack, a timing-based side-channel attack, a cache-based side-channel attack and a denial of service attack.

The side-channel attacks, alarmingly, can be executed by brute-forcing all 8-character lowercase passwords using as little as $125 of virtual server space, the researchers added.

Despite these flaws, they added, WPA3 still poses a better means to protect users from attacks against WPA2. They did, however, criticise the Wi-Fi Alliance for the way in which it developed the new standard.

Advertisement
Advertisement - Article continues below

"We believe that WPA3 does not meet the standards of a modern security protocol," the researchers said. "Moreover, we believe that our attacks could have been avoided if the Wi-Fi Alliance created the WPA3 certification in a more open manner.

"Notable is also that nearly all of our attacks are against SAE's password encoding method, i.e., against its hash-to-group and hash-to-curve algorithm. Interestingly, a simple change to this algorithm would have prevented most of our attacks."

Featured Resources

Transform the operator experience with enhanced automation & analytics

Bring networking into the digital era

Download now

Artificially intelligent data centres

How the C-Suite is embracing continuous change to drive value

Download now

Deliver secure automated multicloud for containers with Red Hat and Juniper

Learn how to get started with the multicloud enabler from Red Hat and Juniper

Download now

Get the best out of your workforce

7 steps to unleashing their true potential with robotic process automation

Download now
Advertisement

Recommended

Visit/security/354156/google-confirms-android-cameras-can-be-hijacked-to-spy-on-you
Security

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019

Most Popular

Visit/security/vulnerability/354309/patch-issued-for-critical-windows-bug
vulnerability

Patch issued for critical Windows bug

11 Dec 2019
Visit/cloud/microsoft-azure/354230/microsoft-not-amazon-is-going-to-win-the-cloud-wars
Microsoft Azure

Microsoft, not Amazon, is going to win the cloud wars

30 Nov 2019
Visit/operating-systems/microsoft-windows/354297/this-exploit-could-give-users-free-windows-7-updates
Microsoft Windows

This exploit could give users free Windows 7 updates beyond 2020

9 Dec 2019
Visit/hardware/354193/buy-it-to-grow-not-slow-your-business
Sponsored

Buy IT to grow, not slow, your business

25 Nov 2019