New Dragonblood Vulnerabilities Affect WPA3 and Reveal Wi-Fi Passwords

In April of this year, information security experts Mathy Vanhoef and Eyal Ronen published new DragonBlood vulnerabilities in WPA3. The name covers a set of problems called DragonBlood “in honor of” the vulnerable Dragonfly, the mechanism by which clients authenticate on devices that support the new WPA3 standard.

Although this “handshake” mechanism was previously thought to be safe, Vanhoef and Ronen showed that this assumption was wrong.

Five vulnerabilities were named DragonBlood: a denial of service, two problems leading to side-channel leaks, and two other problems associated with connection downgrades. As a result, DragonBlood allowed an attacker within range of the Wi-Fi network to recover the victim’s passwords and penetrate the network.

Now Vanhoef and Ronen have released details of two more vulnerabilities that appeared after the WiFi Alliance prepared protections against the original bugs. Like the April vulnerabilities, these new problems allow attackers to extract information about WPA3 cryptographic operations and brute-force the passwords of Wi-Fi networks.

“It’s exceptionally hard to implement all parts of WPA3 without introducing side-channel leaks. The best approach to securely implement WPA3 that we encountered so far is the one of Microsoft: only support cryptographic group 19, and follow their techniques to implement the hunting and pecking algorithm”, the researchers report.

The first vulnerability received the identifier CVE-2019-13377 and affects the WPA3 Dragonfly handshake when Brainpool curves are used. In April, the experts found that a key exchange based on the P-521 elliptic curve could be downgraded to the weaker P-256.

As a result, the WiFi Alliance recommended that vendors use the more reliable Brainpool curves instead. However, the experts now write that this change only created a new opportunity for side-channel attacks and allows passwords to be cracked using the leak.
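An added example (not from the original article or the researchers' code) of why group 19 and the Brainpool curves behave differently: hunting and pecking derives candidate values from the password and discards any that are not below the curve's prime, and this sketch measures how often that check fails for each group. The candidate derivation is a simplified SHA-256 stand-in rather than the SAE KDF, and the passwords are constructed.

```python
import hashlib

# Field primes: NIST P-256 (SAE group 19) and brainpoolP256r1 (group 28, RFC 5639).
P256 = 0xFFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF
BP256 = 0xA9FB57DBA1EEA9BC3E660A909D838D726E3BF623D52620282013481D1F6E5377


def reject_probability(p: int, bits: int = 256) -> float:
    """Chance that a uniform `bits`-bit candidate fails the `x < p` check."""
    return (2**bits - p) / 2**bits


def candidate(password: bytes, counter: int) -> int:
    # Assumption: simplified stand-in for the SAE KDF (one SHA-256 call).
    digest = hashlib.sha256(password + bytes([counter])).digest()
    return int.from_bytes(digest, "big")


def range_rejections(password: bytes, p: int, rounds: int = 40) -> int:
    """How many of a fixed number of rounds take the `x >= p` path."""
    return sum(candidate(password, c) >= p for c in range(1, rounds + 1))


def spread(p: int, samples: int = 200) -> set:
    """Distinct rejection counts seen across constructed passwords."""
    return {range_rejections(b"constructed-pw-%d" % i, p) for i in range(samples)}


if __name__ == "__main__":
    groups = (("P-256 / group 19", P256), ("brainpoolP256r1 / group 28", BP256))
    for name, p in groups:
        print(f"{name}: reject probability {reject_probability(p):.3e}, "
              f"per-password rejection counts {sorted(spread(p))}")
```

With P-256 the range check practically never fails, so it cannot distinguish passwords; with brainpoolP256r1 about a third of candidates fail it, so any work skipped or added on that path varies with the password unless the implementation is constant-time.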

“Even if the advice of the Wi-Fi Alliance is followed, implementations remain at risk of attacks. This demonstrates that implementing Dragonfly and WPA3 without side-channel leaks is surprisingly hard. It also, once again, shows that privately creating security recommendations and standards is at best irresponsible and at worst inept”, Vanhoef and Ronen say.

The second vulnerability has the identifier CVE-2019-13456 and is associated with the implementation of EAP-pwd in the FreeRADIUS framework, which is used by many vendors. As with the previous vulnerability, the EAP-pwd authentication process on some devices with FreeRADIUS support leaks information, which allows attackers to recover passwords.

The experts have already reported their findings to the WiFi Alliance and now say that fixing the new issues could lead to the release of WPA3.1. It is noted that the new security features are incompatible with WPA3 but will protect against the majority of the attacks developed by Vanhoef and Ronen.

Polina Lisovskaja

I have been working as a marketing manager for years and like to look for interesting topics for you
