alphaspirit - Fotolia
WPA3 flaws found in Dragonfly handshake
Researchers discovered vulnerabilities in the WPA3 protocol, specifically in the Dragonfly handshake authentication, allowing for multiple exploits branded Dragonblood.
Researchers discovered five vulnerabilities in the WPA3 Wi-Fi security protocol that could lead to denial-of-service attacks, downgrade attacks or leaking of sensitive data, including passwords.
The WPA3 flaws were found by Mathy Vanhoef, a network security and applied cryptography postdoctoral researcher at NYU and one of the researchers behind the WPA2 KRACK vulnerability, and Eyal Ronen, postdoctoral researcher at Tel Aviv University's School of Computer Science and KU Leuven's Computer Security and Industrial Cryptography group. The vulnerabilities were branded Dragonblood because they were found in the Dragonfly handshake of the new Wi-Fi protocol, which the researchers said was supposed to have the main advantage of being "near impossible to crack the password of a network."
"We found that even with WPA3, an attacker within range of a victim can still recover the password of the Wi-Fi network. Concretely, attackers can then read information that WPA3 was assumed to safely encrypt," Vanhoef and Ronen wrote in their public disclosure. "This can, for example, be abused to steal sensitive information such as credit cards, passwords, chat messages, emails, and so on, if no extra protection such as HTTPS is used."
Vanhoef and Ronen also found WPA3 flaws in the Dragonfly handshake used in the extensible authentication protocol, which could allow a threat actor to recover a user's password or "impersonate any user, and thereby access the Wi-Fi network, without knowing the user's password."
Two of the WPA3 flaws were downgrade attacks in which the attacker would force the device to use the weaker WPA2 protocol and two other flaws were side-channel attacks where the timing of functions could be abused to perform dictionary attacks.
The risks associated with these WPA3 flaws depend on which attack is used, said Ryan Orsi, director of product management at WatchGuard Technologies, a network security company based in Seattle.
"Downgrading to a dictionary attack is easy to exploit. The attacker brings in a malicious radio in the form of a smart phone, laptop or external Wi-Fi adapter that is broadcasting a WPA2 'Evil Twin' of the legitimate WPA3 SSID. When a client that has previously connected to the legitimate WPA3 SSID and has knowledge of the pre-shared key performs a WPA2 handshake, existing WPA2 cracking tools can be used," Orsi said.
"Side-channel attacks are harder to exploit. In this attack, the attacker lures the client into connecting to a MAC spoofing access point in order to deploy malware to the client. The malware measures CPU performance as a technique to guess pieces of the password. This is more complicated and difficult to exploit," he explained.
The Wi-Fi Alliance, which developed the WPA3 protocol, downplayed the risks in a statement, saying the Dragonblood flaws only affect "a limited number of early implementations of WPA3."
"WPA3-Personal is in the early stages of deployment, and the small number of device manufacturers that are affected have already started deploying patches to resolve the issues," the Wi-Fi Alliance wrote. "These issues can all be mitigated through software updates without any impact on devices' ability to work well together. There is no evidence that these vulnerabilities have been exploited."