‘Devastating' Dragonblood flaws discovered in WPA3 protocol

Researchers say these attacks could've been avoided if the Wi-Fi Alliance was more open when creating WPA3

A blood-red dragonfly to depict the WPA3 protocol vulnerabilities

The recently-launched WPA3 standard for Wi-Fi networks has a number of exploitable flaws that could allow an attacker to recover network passwords and steal information.

Researchers have outlined five "efficient and low cost" attacks that can be exploited to recover Wi-Fi network passwords, launch resource consumption attacks or force devices into using weaker security settings.

Despite safeguards in WPA3 to prevent brute force attacks, an attacker could still recover network passwords if they are within range and at little cost, according to two security researchers Mathy Vanhoef and Eyal Ronen in their academic paper. They have also launched a site dedicated to these vulnerabilities.

The Wi-Fi Alliance launched the Wi-Fi Protected Access 3 certification, or WPA3, in June 2018 as a means of protecting a wider range of devices against hacks, while making it easier for end-users to implement new technology.

Given the WPA2 standard has been in force since 2004, the need for a next-gen iteration was long overdue. The new standard has since been adopted by a host of companies including Intel Qualcomm, Huawei and Cisco.

The researchers prescribed a handful of these vulnerabilities 'Dragonblood' in light of the added security that WPA3 offers - commonly known as the Dragonfly handshake. This Simultaneous Authentication of Equals (SAE) handshake is supposed to protect users by making password cracking near-impossible.

Another WPA3 attack category dubbed a Downgrade Attack specifically targets a backward compatibility mechanism in which a Wi-Fi network supports the usage of both WPA3 and WPA2 with an identical password.

An attacker, in this context, can create a rogue network and force clients that support WPA3 into connecting to WPA2, which is far more easily breached than the next-gen standard.

"WPA3-Personal is in the early stages of deployment, and the small number of device manufacturers that are affected have already started deploying patches to resolve the issues," the Wi-Fi Alliance said in a statement.

"These issues can all be mitigated through software updates without any impact on devices' ability to work well together. There is no evidence that these vulnerabilities have been exploited.

"As with any technology, robust security research that pre-emptively identifies potential vulnerabilities is critical to maintaining strong protections."

The flaws that factor into the Dragonblood category include a security group downgrade attack, a timing-based side-channel attack, a cache-based side-channel attack and a denial of service attack.

The side-channel attacks, alarmingly, can be executed by brute-forcing all 8-character lowercase passwords using as little as $125 of virtual server space, the researchers added.

Despite these flaws, they added, WPA3 still poses a better means to protect users from attacks against WPA2. They did, however, criticise the Wi-Fi Alliance for the way in which it developed the new standard.

"We believe that WPA3 does not meet the standards of a modern security protocol," the researchers said. "Moreover, we believe that our attacks could have been avoided if the Wi-Fi Alliance created the WPA3 certification in a more open manner.

"Notable is also that nearly all of our attacks are against SAE's password encoding method, i.e., against its hash-to-group and hash-to-curve algorithm. Interestingly, a simple change to this algorithm would have prevented most of our attacks."

Featured Resources

BCDR buyer's guide for MSPs

How to choose a business continuity and disaster recovery solution

Download now

The definitive guide to IT security

Protecting your MSP and your customers

Download now

Cost of a data breach report 2020

Find out what factors help mitigate breach costs

Download now

The complete guide to changing your phone system provider

Optimise your phone system for better business results

Download now

Recommended

Your essential guide to internet security
Security

Your essential guide to internet security

27 Jan 2021
Data breach exposes widespread fake reviews on Amazon
data breaches

Data breach exposes widespread fake reviews on Amazon

7 May 2021
TsuNAME vulnerability could enable DDoS attacks on major DNS servers
distributed denial of service (DDOS)

TsuNAME vulnerability could enable DDoS attacks on major DNS servers

7 May 2021
What are SSH keys?
cyber security

What are SSH keys?

7 May 2021

Most Popular

KPMG offers staff 'four-day fortnight' in hybrid work plans
flexible working

KPMG offers staff 'four-day fortnight' in hybrid work plans

6 May 2021
Dell patches vulnerability affecting hundreds of computer models worldwide
cyber security

Dell patches vulnerability affecting hundreds of computer models worldwide

5 May 2021
16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

29 Apr 2021