Less than a year after the launch of WPA3 (Wi-Fi Protected Access III), the standard designed to remedy the technical shortcomings of WPA2, which has long been considered insecure and is vulnerable to the Key Reinstallation Attack (KRACK), researchers have identified a number of serious vulnerabilities in the new standard that allow an attacker to recover the Wi-Fi password and join the network.
Although WPA3 relies on the more secure SAE (Simultaneous Authentication of Equals) handshake, known as Dragonfly, which aims to protect Wi-Fi networks against offline dictionary attacks, researchers Mathy Vanhoef and Eyal Ronen have identified several design flaws in early implementations of WPA3-Personal that make it possible to recover the Wi-Fi network password with the help of timing attacks or cache-based attacks.
“In particular, an attacker can read information that is supposed to be securely encrypted. They could use this to steal confidential data, such as charge card numbers, passwords, chat messages, emails and so on,” the researchers explained.
In total, the researchers identified five issues, collectively named Dragonblood. In their report, Vanhoef and Ronen describe two categories of design flaws: one concerning downgrade attacks, the other concerning cache leakage.
Because WPA3 is not yet widely deployed, WPA3-certified devices offer a “transition mode” to support older devices, in which the network can be configured so that clients connect using either WPA3-SAE or WPA2. It turned out that this mode is vulnerable to a downgrade attack: an attacker can set up a malicious access point that supports only WPA2, forcing WPA3-enabled devices to connect using the insecure WPA2 four-way handshake. The Dragonfly handshake itself is also vulnerable to a downgrade attack, which an attacker can use to force the device to use a weaker elliptic curve than it normally would.
As noted, to carry out the downgrade attacks the attacker only needs to know the SSID of the WPA3-SAE network.
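As an added illustration of the transition-mode downgrade described above (example code written for this article, not the researchers' tools), the following Python script parses the RSN information element from beacon data and flags an access point that advertises a known WPA3-SAE SSID with WPA2-PSK only, which is the signal a defender monitoring for a rogue downgrade AP would look for. The SSIDs, BSSIDs and scan data are constructed; only the RSN IE layout and AKM selectors follow IEEE 802.11.

```python
import struct

# AKM suite selectors (OUI 00-0F-AC + type) as defined in IEEE 802.11
AKM_PSK = (0x00, 0x0F, 0xAC, 2)  # WPA2-PSK
AKM_SAE = (0x00, 0x0F, 0xAC, 8)  # WPA3-SAE

def parse_rsn_akms(rsn_body):
    """Return the set of AKM suites in an RSN IE body (bytes after element ID
    and length): version(2) | group cipher(4) | pairwise count(2) |
    pairwise suites(4*n) | AKM count(2) | AKM suites(4*m) | ..."""
    if len(rsn_body) < 8:
        raise ValueError("RSN IE too short")
    version, = struct.unpack_from("<H", rsn_body, 0)
    if version != 1:
        raise ValueError("unexpected RSN version %d" % version)
    off = 6  # skip version and group cipher suite
    n_pair, = struct.unpack_from("<H", rsn_body, off)
    off += 2 + 4 * n_pair
    n_akm, = struct.unpack_from("<H", rsn_body, off)
    off += 2
    if len(rsn_body) < off + 4 * n_akm:
        raise ValueError("truncated AKM suite list")
    return {tuple(rsn_body[off + 4 * i:off + 4 * i + 4]) for i in range(n_akm)}

def build_rsn_body(akms):
    # Constructed test data only: CCMP group/pairwise ciphers plus the given AKMs
    ccmp = bytes([0x00, 0x0F, 0xAC, 4])
    body = struct.pack("<H", 1) + ccmp + struct.pack("<H", 1) + ccmp
    body += struct.pack("<H", len(akms)) + b"".join(bytes(a) for a in akms)
    return body + struct.pack("<H", 0)  # RSN capabilities

def find_downgrade_candidates(beacons):
    """beacons: list of (ssid, bssid, rsn_body). Flag any BSSID advertising an
    SSID with WPA2-PSK only while another BSSID advertises SAE for that SSID.
    A legitimate mixed deployment also matches, so allowlist known BSSIDs."""
    sae_ssids = {s for s, _, ie in beacons if AKM_SAE in parse_rsn_akms(ie)}
    alerts = []
    for ssid, bssid, ie in beacons:
        akms = parse_rsn_akms(ie)
        if ssid in sae_ssids and AKM_SAE not in akms and AKM_PSK in akms:
            alerts.append((ssid, bssid))
    return alerts

# Constructed sample scan: transition-mode AP, same-SSID WPA2-only AP, other net
SAMPLE_BEACONS = [
    ("CorpNet", "aa:bb:cc:00:00:01", build_rsn_body([AKM_SAE, AKM_PSK])),
    ("CorpNet", "de:ad:be:ef:00:01", build_rsn_body([AKM_PSK])),
    ("GuestNet", "aa:bb:cc:00:00:02", build_rsn_body([AKM_PSK])),
]
```

Running `find_downgrade_candidates(SAMPLE_BEACONS)` returns only the second CorpNet BSSID; the transition-mode AP is not flagged because it still advertises SAE.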
The researchers also described a number of timing-based attacks (CVE-2019-9494) and cache-based attacks (CVE-2019-9494) that allow the Wi-Fi password to be obtained, as well as a DoS attack that can be carried out by initiating a large number of handshakes with a WPA3 access point.
The researchers have already informed the Wi-Fi Alliance of their findings. The organization has acknowledged the problems and is now working with vendors to fix them. The researchers have published four tools on GitHub, Dragonforce, Dragonslayer, Dragondrain and Dragontime, for checking for the vulnerabilities.
The Wi-Fi Alliance (WECA) is a non-governmental organization dedicated to the certification and production of Wi-Fi equipment and owns the Wi-Fi brand. The Alliance includes 36 companies, including Apple, Microsoft, Qualcomm and others.