Connect with us

Hacker News

WPA3 Still Rough on the Edges



WPA3 Still Rough on the Edges

The newly-released Wi-Fi security standard WPA3 is apparently still rough on the edges, as security researchers have already cracked several vulnerabilities less than one year after its release. WPA3 was developed to address WPA2’s vulnerability to KRACK (Key Reinstallation Attack) attacks and other issues, but seems to have opened a new can of worms as described in the paper DragonBlood.

“Concretely, attackers can then read information that WPA3 was assumed to safely encrypt. This can be abused to steal sensitive transmitted information such as credit card numbers, passwords, chat messages, emails, and so on,”

–Researchers Mathy Vanhoef and Eyal Ronen

Dragonblood details ways to hack into WPA3-protected networks that support older devices through a transitional mode by means of a downgrade attack and side-channel attacks. The paper also describes how to execute a DoS attack against a WPA3-protected network.

With a downgrade attack, attackers can set up a rogue AP that uses WPA2 for devices to connect to. This is because client devices still need to catch up to the newly-released WPA3, which means that WPA3 networks would have to let them in through WPA2. Attackers can then worm their way into the WPA3 network.

WPA3 was designed to prevent offline dictionary attacks that allow hackers to determine a Wi-Fi network password. Unfortunately, the new protocol remains vulnerable to something similar known as password partitioning, thanks to two side-channel attacks detailed in the Dragonblood paper. Attackers only need to compromise one client to set up a rogue AP.

“For our password partitioning attack, we need to record several handshakes with different MAC addresses. We can get handshakes with different MAC addresses by targeting multiple clients in the same network (e.g. convince multiple users to download the same malicious application). If we are only able to attack one client, we can set up rogue APs with the same SSID but a spoofed MAC address.”

–Researchers Mathy Vanhoef and Eyal Ronen

Proof of concept applications are now available on GitHub to allow network security personnel to test their networks as well as for hackers to try against unpatched WPA3 networks.

Technology Enthusiast with a keen eye on the Cyberspace, Entrepreneur, Ethical Hacker

Continue Reading
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *