News

Researchers found vulnerabilities in WPA3 protocol that allow obtaining Wi-Fi passwords

Though Wi-Fi Protected Access III (WPA3) standard released less than a year ago, researchers found significant vulnerabilities in a standard that enable Wi-Fi extraction and network access.

WPA3 was created to improve flaws in WPA2 protocol that for a long time was considered unsafe and vulnerable to Key Reinstallation Attack (KRACK).

Despite WPA3 protocol relies on safer handshake SAE (Simultaneous Authentication of Equals), also known as a Dragonfly, that aims networks protection from autonomous vocabulary attacks, Mathy Vanhoef and Eyal Ronen discovered several disadvantages in the WPA3-Personal design of early realization that allow Wi-Fi passwords restoration through timing-attacks and attacks on cash.

“In particular, attackers can read information that is considered to be fully protected. They can use it for taking advantages of personal data as credit card numbers, passwords, chat messages, emails etc.,” – explained experts.

Specialists localized five problems that got a common name DragonBlood. In the report Vanhoef and Ronen described two main design issues, one of the leads to downgrade attacks and second – to cash leaks.

As WPA3 is not so wide spread, for protection of earlier devices WPA3 suggest “transitional working mode” that enables both WPA3 and WPA2 connection. However, this mode is vulnerable to downgrade attacks that can use intruders for creation of malware access point that would support WPA2 only and that would force devices with WPA3 to connect with the unsafe quadrilateral handshake WPA2. Moreover, Dragonfly handshake is vulnerable to attacks.

As noted, for realization of downgrade attacks intruders have to know only SSID of WPA3-SAE network.

Researches also described series of attacks on the base of synchronization (CVE-2019-9494) and attacks on cash (CVE-2019-9494) that enable obtaining Wi-Fi access and DoS-attack, the latter can be realized by initiation of great number of handshakes with WPA3 point.

Experts have already informed Wi-Fi Alliance about their discovery. Organization acknowledged issues and together with vendors are addressing this issues. Researchers posted four instruments for vulnerability checks as Dragonforce, Dragonslayer, Dragondrain and Dragontime on GitHub website.

Wi-Fi Alliance (WECA) is non-governmental organization that certifies and releases Wi-Fi equipment and has rights on Wi-Fi brand. Alliance consists of 36 companies as Apple, Microsoft, Qualcom and others.

Source: https://www.zdnet.com/article/dragonblood-vulnerabilities-disclosed-in-wifi-wpa3-standard/

Polina Lisovskaya

I works as a marketing manager for years now and loves searching for interesting topics for you

Recent Posts

Remove Himalayaview.top Pop-up Ads

About Himalayaview.top Himalayaview.top pop-ups can not launch out of the blue. If you have actually…

8 hours ago

Remove Youdilgad.top Pop-up Ads

About Youdilgad.top Youdilgad.top pop-ups can not expose out of the blue. If you have clicked…

8 hours ago

Remove Alkads.com Pop-up Ads

About Alkads.com Alkads.com pop-ups can not launch out of the blue. If you have clicked…

8 hours ago

Remove Bigamirt.xyz Pop-up Ads

About Bigamirt.xyz Bigamirt.xyz pop-ups can not launch out of nowhere. If you have clicked some…

8 hours ago

Remove Micorban.xyz Pop-up Ads

About Micorban.xyz Micorban.xyz pop-ups can not open out of the blue. If you have actually…

9 hours ago

Remove Msdefender.co.in Pop-up Ads

About Msdefender.co.in Msdefender.co.in pop-ups can not expose out of the blue. If you have actually…

2 days ago