News

Researchers found vulnerabilities in WPA3 protocol that allow obtaining Wi-Fi passwords

Though Wi-Fi Protected Access III (WPA3) standard released less than a year ago, researchers found significant vulnerabilities in a standard that enable Wi-Fi extraction and network access.

WPA3 was created to improve flaws in WPA2 protocol that for a long time was considered unsafe and vulnerable to Key Reinstallation Attack (KRACK).

Despite WPA3 protocol relies on safer handshake SAE (Simultaneous Authentication of Equals), also known as a Dragonfly, that aims networks protection from autonomous vocabulary attacks, Mathy Vanhoef and Eyal Ronen discovered several disadvantages in the WPA3-Personal design of early realization that allow Wi-Fi passwords restoration through timing-attacks and attacks on cash.

“In particular, attackers can read information that is considered to be fully protected. They can use it for taking advantages of personal data as credit card numbers, passwords, chat messages, emails etc.,” – explained experts.

Specialists localized five problems that got a common name DragonBlood. In the report Vanhoef and Ronen described two main design issues, one of the leads to downgrade attacks and second – to cash leaks.

As WPA3 is not so wide spread, for protection of earlier devices WPA3 suggest “transitional working mode” that enables both WPA3 and WPA2 connection. However, this mode is vulnerable to downgrade attacks that can use intruders for creation of malware access point that would support WPA2 only and that would force devices with WPA3 to connect with the unsafe quadrilateral handshake WPA2. Moreover, Dragonfly handshake is vulnerable to attacks.

As noted, for realization of downgrade attacks intruders have to know only SSID of WPA3-SAE network.

Researches also described series of attacks on the base of synchronization (CVE-2019-9494) and attacks on cash (CVE-2019-9494) that enable obtaining Wi-Fi access and DoS-attack, the latter can be realized by initiation of great number of handshakes with WPA3 point.

Experts have already informed Wi-Fi Alliance about their discovery. Organization acknowledged issues and together with vendors are addressing this issues. Researchers posted four instruments for vulnerability checks as Dragonforce, Dragonslayer, Dragondrain and Dragontime on GitHub website.

Wi-Fi Alliance (WECA) is non-governmental organization that certifies and releases Wi-Fi equipment and has rights on Wi-Fi brand. Alliance consists of 36 companies as Apple, Microsoft, Qualcom and others.

Source: https://www.zdnet.com/article/dragonblood-vulnerabilities-disclosed-in-wifi-wpa3-standard/

Polina Lisovskaya

I works as a marketing manager for years now and loves searching for interesting topics for you

Recent Posts

Remove News-bpudepi.today Pop-up Ads

About News-bpudepi.today News-bpudepi.today pop-ups can not launch out of the blue. If you have actually…

19 hours ago

Remove Doguhtam.xyz Pop-up Ads

About Doguhtam.xyz Doguhtam.xyz pop-ups can not expose out of nowhere. If you have clicked some…

19 hours ago

Remove News-xlixoti.com Pop-up Ads

About News-xlixoti.com News-xlixoti.com pop-ups can not introduce out of nowhere. If you have actually clicked…

19 hours ago

Remove Ducesousightion.com Pop-up Ads

About Ducesousightion.com Ducesousightion.com pop-ups can not introduce out of the blue. If you have actually…

19 hours ago

Remove News-xlabica.live Pop-up Ads

About News-xlabica.live News-xlabica.live pop-ups can not launch out of the blue. If you have actually…

19 hours ago

Remove Mergechain.co.in Pop-up Ads

About Mergechain.co.in Mergechain.co.in pop-ups can not expose out of the blue. If you have clicked…

19 hours ago