‘Devastating' Dragonblood flaws discovered in WPA3 protocol

Researchers say these attacks could've been avoided if the Wi-Fi Alliance was more open when creating WPA3

A blood-red dragonfly to depict the WPA3 protocol vulnerabilities

The recently-launched WPA3 standard for Wi-Fi networks has a number of exploitable flaws that could allow an attacker to recover network passwords and steal information.

Researchers have outlined five "efficient and low cost" attacks that can be exploited to recover Wi-Fi network passwords, launch resource consumption attacks or force devices into using weaker security settings.

Despite safeguards in WPA3 to prevent brute force attacks, an attacker could still recover network passwords if they are within range and at little cost, according to two security researchers Mathy Vanhoef and Eyal Ronen in their academic paper. They have also launched a site dedicated to these vulnerabilities.

The Wi-Fi Alliance launched the Wi-Fi Protected Access 3 certification, or WPA3, in June 2018 as a means of protecting a wider range of devices against hacks, while making it easier for end-users to implement new technology.

Given the WPA2 standard has been in force since 2004, the need for a next-gen iteration was long overdue. The new standard has since been adopted by a host of companies including Intel Qualcomm, Huawei and Cisco.

The researchers prescribed a handful of these vulnerabilities 'Dragonblood' in light of the added security that WPA3 offers - commonly known as the Dragonfly handshake. This Simultaneous Authentication of Equals (SAE) handshake is supposed to protect users by making password cracking near-impossible.

Another WPA3 attack category dubbed a Downgrade Attack specifically targets a backward compatibility mechanism in which a Wi-Fi network supports the usage of both WPA3 and WPA2 with an identical password.

An attacker, in this context, can create a rogue network and force clients that support WPA3 into connecting to WPA2, which is far more easily breached than the next-gen standard.

"WPA3-Personal is in the early stages of deployment, and the small number of device manufacturers that are affected have already started deploying patches to resolve the issues," the Wi-Fi Alliance said in a statement.

"These issues can all be mitigated through software updates without any impact on devices' ability to work well together. There is no evidence that these vulnerabilities have been exploited.

"As with any technology, robust security research that pre-emptively identifies potential vulnerabilities is critical to maintaining strong protections."

The flaws that factor into the Dragonblood category include a security group downgrade attack, a timing-based side-channel attack, a cache-based side-channel attack and a denial of service attack.

The side-channel attacks, alarmingly, can be executed by brute-forcing all 8-character lowercase passwords using as little as $125 of virtual server space, the researchers added.

Despite these flaws, they added, WPA3 still poses a better means to protect users from attacks against WPA2. They did, however, criticise the Wi-Fi Alliance for the way in which it developed the new standard.

"We believe that WPA3 does not meet the standards of a modern security protocol," the researchers said. "Moreover, we believe that our attacks could have been avoided if the Wi-Fi Alliance created the WPA3 certification in a more open manner.

"Notable is also that nearly all of our attacks are against SAE's password encoding method, i.e., against its hash-to-group and hash-to-curve algorithm. Interestingly, a simple change to this algorithm would have prevented most of our attacks."

Featured Resources

Preparing for AI-enabled cyber attacks

MIT technology review insights

Download now

Cloud storage performance analysis

Storage performance and value of the IONOS cloud Compute Engine

Download now

The Forrester Wave: Top security analytics platforms

The 11 providers that matter most and how they stack up

Download now

Harness data to reinvent your organisation

Build a data strategy for the next wave of cloud innovation

Download now

Recommended

Your essential guide to internet security
Security

Your essential guide to internet security

25 Jun 2021
Nigerian cyber criminals target Texas unemployment system
cyber security

Nigerian cyber criminals target Texas unemployment system

27 May 2021
Hackers use open source Microsoft dev platform to deliver trojans
Security

Hackers use open source Microsoft dev platform to deliver trojans

14 May 2021

Most Popular

RMIT to be first Australian university to implement AWS supercomputing facility
high-performance computing (HPC)

RMIT to be first Australian university to implement AWS supercomputing facility

28 Jul 2021
Samsung Galaxy S21 5G review: A rose-tinted experience
Mobile Phones

Samsung Galaxy S21 5G review: A rose-tinted experience

14 Jul 2021
Zyxel USG Flex 200 review: A timely and effective solution
Security

Zyxel USG Flex 200 review: A timely and effective solution

28 Jul 2021