Breaking — It has been close to just one year since the launch of next-generation Wi-Fi security standard WPA3 and researchers have unveiled several serious vulnerabilities in the wireless security protocol that could allow attackers to recover the password of the Wi-Fi network.
WPA, or Wi-Fi Protected Access, is a standard designed to authenticate wireless devices using the Advanced Encryption Standard (AES) protocol and is intended to prevent hackers from eavesdropping on your wireless data.
The Wi-Fi Protected Access III (WPA3) protocol was launched in an attempt to address technical shortcomings of the WPA2 protocol from the ground, which has long been considered to be insecureand found vulnerable to KRACK (Key Reinstallation Attack).
Though WPA3 relies on a more secure handshake, known as Dragonfly, that aims to protect Wi-Fi networks against offline dictionary attacks, security researchers Mathy Vanhoef and Eyal Ronen found weaknesses in the early implementation of WPA3-Personal, allowing an attacker to recover WiFi passwords by abusing timing or cache-based side-channel leaks.
« Concretely, attackers can then read information that WPA3 was assumed to safely encrypt. This can be abused to steal sensitive transmitted information such as credit card numbers, passwords, chat messages, emails, and so on, » the researchers say.
Vulnerabilities in WPA3 — Hacking WiFi Password
In a research paper, dubbed DragonBlood, published today, researchers detailed two types of design flaws in WPA3—first leads to downgrade attacks and second to side-channel leaks.
Since the 15-year-old WPA2 protocol has been widely used by billions of devices, widespread adoption of WPA3 won’t happen overnight. To support old devices, WPA3 Certified devices offer a « transitional mode of operation » that can be configured to accept connections using both WPA3-SAE and WPA2.
Researchers find that the transitional mode is vulnerable to downgrade attacks, which attackers can abuse to set up a rogue AP that only supports WPA2, forcing WPA3-supported devices to connect using insecure WPA2’s 4-way handshake.
Researchers also detail two side-channel attacks—Cache-based (CVE-2019-9494) and Timing-based (CVE-2019-9494) attacks—against Dragonfly’s password encoding method that could allow attackers to perform a password partitioning attack, similar to an offline dictionary attack, to obtain Wi-Fi password.
Besides these, the duo also documented a Denial of Service attack that can be launched by overloading an « AP by initiating a large amount of handshakes with a WPA3-enabled Access Point, » bypassing SAE’s anti-clogging mechanism that is supposed to prevent DoS attacks.
Some of these vulnerabilities also affect devices using the EAP-pwd (Extensible Authentication Protocol-Password) protocol, which is also based on the Dragonfly password-authenticated key exchange method.
As a proof-of-concept, researchers has released following four separate tools on GitHub that can be used to test the vulnerabilities as mentioned above.
- Dragondrain—a tool that can test to which extend an Access Point is vulnerable to Dos attacks against WPA3’s Dragonfly handshake.
- Dragontime—an experimental tool to perform timing attacks against the Dragonfly handshake.
- Dragonforce—an experimental tool that takes the information to recover from the timing attacks and performs a password partitioning attack.
- Dragonslayer—a tool that implements attacks against EAP-pwd.
Wi-Fi Alliance Working With Vendors to Patch Reported Issues
The duo reported their findings to the WiFi Alliance, the non-profit organization that certifies WiFi standards and Wi-Fi products for conformity, who acknowledged the issues and are working with vendors to patch existing WPA3-certified devices.
« The software updates do not require any changes that affect interoperability between Wi-Fi devices. Users can refer to their device vendors’ websites for more information, » the WiFi Alliance says in its press release.