WPA or Wifi Protected Access is a standard protocol designed to authenticate wireless devices using the Advanced Encryption Standard (AES) and limit the intrusion of hackers into your wireless network. Although WPA2 is immune from previous security protocols, it is vulnerable to some major cyber attacks such as KRACK (Key Restart Attack).
In June 2018, the Wi-Fi Alliance launched WPA3 , the successor to WPA2, which was designed to improve simplicity, increase cryptographic capacity, provide robust authentication, encryption features, enhanced connectivity, and more. secure IoT wifi devices, etc.
On the one hand, we are approaching the first anniversary of WPA3, while other security researchers have discovered serious vulnerabilities in the WPA3 wireless security protocol. These flaws are so serious that they could even allow attackers to recover the password from the Wi-Fi network.
Security researchers Mathy Vanhoef and Eyal Ronen have discovered weaknesses in the initial implementation of WPA3-Personal. These security vulnerabilities allow a hacker to recover WiFi passwords by exploiting time leaks or secondary channels based on the cache.
According to the researchers, “specifically, attackers can read the information that WPA3 was supposed to encrypt in a secure way.” It can be abused to steal confidential information transmitted, such as credit card numbers, passwords, messages of online chat, emails, etc. “
Two Major Security Flaws in WPA3
Although the latest Wi-Fi security standard, WPA3, is based on Dragonfly, that is, a more secure handshake is meant to avoid offline attacks by dictionary, but it is not possible to ignore other risks. In a research article titled DragonBlood, published today, security researchers have explained two types of flaws in WPA3: first, degradation of attacks, and second, leakage in side channels.
WPA2 has been around for almost 15 years and the widespread adoption of WPA3 is not possible overnight. The WiFi Alliance also has no option instead of supporting older devices. WPA3-compatible devices offer a “transition mode of operation” and allow devices to accept connections using both WPA3-SAE and WPA2. This transition mode is vulnerable to debugging attacks, which attackers can abuse to configure a false access point that only supports WPA2 and, therefore, to force WPA3-compatible devices to connect using the message. non-secure 4-way home. of WPA2.
“We also discovered a low-level attack on SAE [simultaneous hand equalization, more commonly known as a dragonfly], where we can force a device to use a lower elliptical curve than it would normally use,” said the researchers. .
Speaking of two other secondary channel attacks: cache-based attacks (CVE-2019-9494) and time-based cyber security attacks (CVE-2019-9494), Dragonfly’s password encryption method was the cause. This could allow attackers to launch a password partition attack similar to an offline dictionary attack. All these attacks are just waiting to access the WiFi password at any cost.
“For our password partition attack, we need to register multiple agreements with different MAC addresses.We can get handshakes with different MAC addresses by directing multiple clients on the same network (for example, by persuading multiple users to download the same malicious application). “If we can attack only one client, we can configure unauthorized access points with the same SSID but with a falsified MAC address,” the researchers added.
Researchers Will Release Tools to Test the Vulnerability
In addition to the previous attacks, the duo also explained the risks of other attacks such as denial of service. The researchers will also publish four separate tools on Github as proof of concept that users can use to test the mentioned vulnerabilities:
Dragontime: a tool to launch attacks against the dragonfly handshake.
Dragondrain: a tool to test if an access point is vulnerable to attacks Two against the WPA3 Dragonfly’s greeting.
Dragonforce: a tool to recover time attacks and perform a password partition attack.
Dragonslayer: A tool that makes attacks against EAP-pwd.
“Almost all of our attacks target SAE’s password encryption method, which is its group hash and hash algorithm.” Interestingly, a simple change in this algorithm would have prevented most our attacks, “said the researchers.
The WiFi Alliance works with suppliers to resolve reported issues. If you need more information about DragonBlood or if you want to read the research paper, visit the official website. The researchers also explained how small changes in the protocol could protect us from most attacks.
“Software updates do not require any changes that affect interoperability between Wi-Fi devices. Users can check the websites of their device providers for more information,” WiFi Alliance said in its press release.