Though Wi-Fi Protected Access III (WPA3) standard released less than a year ago, researchers found significant vulnerabilities in a standard that enable Wi-Fi extraction and network access.WPA3 was created to improve flaws in WPA2 protocol that for a long time was considered unsafe and vulnerable to Key Reinstallation Attack (KRACK).
Despite WPA3 protocol relies on safer handshake SAE (Simultaneous Authentication of Equals), also known as a Dragonfly, that aims networks protection from autonomous vocabulary attacks, Mathy Vanhoef and Eyal Ronen discovered several disadvantages in the WPA3-Personal design of early realization that allow Wi-Fi passwords restoration through timing-attacks and attacks on cash.
“In particular, attackers can read information that is considered to be fully protected. They can use it for taking advantages of personal data as credit card numbers, passwords, chat messages, emails etc.,” – explained experts.
Specialists localized five problems that got a common name DragonBlood. In the report Vanhoef and Ronen described two main design issues, one of the leads to downgrade attacks and second – to cash leaks.
As WPA3 is not so wide spread, for protection of earlier devices WPA3 suggest “transitional working mode” that enables both WPA3 and WPA2 connection. However, this mode is vulnerable to downgrade attacks that can use intruders for creation of malware access point that would support WPA2 only and that would force devices with WPA3 to connect with the unsafe quadrilateral handshake WPA2. Moreover, Dragonfly handshake is vulnerable to attacks.
As noted, for realization of downgrade attacks intruders have to know only SSID of WPA3-SAE network.
Researches also described series of attacks on the base of synchronization (CVE-2019-9494) and attacks on cash (CVE-2019-9494) that enable obtaining Wi-Fi access and DoS-attack, the latter can be realized by initiation of great number of handshakes with WPA3 point.
Experts have already informed Wi-Fi Alliance about their discovery. Organization acknowledged issues and together with vendors are addressing this issues. Researchers posted four instruments for vulnerability checks as Dragonforce, Dragonslayer, Dragondrain and Dragontime on GitHub website.