WPA, or Wi-Fi Protected Access, is a standard protocol designed to authenticate wireless devices using the Advanced Encryption Standard (AES) and to keep hackers from eavesdropping on your wireless network. Though WPA2 was more secure than previous security protocols, it is vulnerable to some major attacks such as KRACK (Key Reinstallation Attack).
In June 2018, the Wi-Fi Alliance released WPA3, a successor to WPA2, with the goals of improving simplicity, increasing cryptographic strength, and providing robust authentication and encryption features and better, more secure connection of IoT WiFi devices.
As WPA3 approaches its first anniversary, security researchers have unveiled severe vulnerabilities in the protocol. These flaws are serious enough that they could allow attackers to retrieve the password of the Wi-Fi network.
The security researchers Mathy Vanhoef and Eyal Ronen discovered weaknesses in the early implementation of WPA3-Personal. These weaknesses allow an attacker to recover WiFi passwords by exploiting timing or cache-based side-channel leaks.
According to the researchers, “Concretely, attackers can then read information that WPA3 was assumed to safely encrypt. This can be abused to steal sensitive transmitted information such as credit card numbers, passwords, chat messages, emails, and so on.”
Two Major Security Flaws in WPA3
Though the latest WiFi security standard, WPA3, relies on Dragonfly, a more secure handshake that aims to prevent offline dictionary attacks, other risks can’t be ignored. In a research paper entitled DragonBlood, published today, the security researchers explain two types of flaws in WPA3: the first leads to downgrade attacks and the second to side-channel leaks.
WPA2 has been around for almost 15 years, and widespread adoption of WPA3 will not happen overnight. The WiFi Alliance also has no option other than to support older devices. WPA3-enabled devices therefore offer a “transitional mode of operation” that allows them to accept connections using both WPA3-SAE and WPA2. This transitional mode is vulnerable to downgrade attacks: attackers may abuse it to set up a fake Access Point that only supports WPA2, and thus force WPA3-supported devices to connect using WPA2’s insecure 4-way handshake.
“We also discovered a downgrade attack against SAE [Simultaneous Authentication of Equals handshake, commonly known as Dragonfly] itself, where we can force a device into using a weaker elliptic curve than it normally would use,” the researchers said.
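A defender can check an access point's configuration for the transitional mode described above. The following Python script is an added example, not code from the researchers or the WiFi Alliance; it assumes a hostapd-based access point with a single-BSS hostapd.conf, and both sample configurations are constructed.

```python
# Added example: audit a hostapd.conf for WPA3 downgrade exposure.
PSK_AKMS = {"WPA-PSK", "WPA-PSK-SHA256", "FT-PSK"}  # WPA2-Personal key management
SAE_AKMS = {"SAE", "FT-SAE"}                        # WPA3-Personal key management

# Constructed sample configurations (not taken from any real deployment).
TRANSITION_CONF = """\
ssid=example-net
wpa=2
wpa_key_mgmt=WPA-PSK SAE
ieee80211w=1
sae_groups=19 20 21
"""
SAE_ONLY_CONF = """\
ssid=example-net
wpa=2
wpa_key_mgmt=SAE
ieee80211w=2
sae_groups=19
"""

def parse_hostapd(text):
    """Return key -> value for a single-BSS hostapd.conf (last assignment wins)."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        conf[key.strip()] = value.strip()
    return conf

def audit(text):
    """Return (severity, message) findings about downgrade exposure."""
    conf = parse_hostapd(text)
    akms = set(conf.get("wpa_key_mgmt", "").split())
    groups = conf.get("sae_groups", "").split()
    findings = []
    if akms & SAE_AKMS and akms & PSK_AKMS:
        findings.append(("high", "transition mode: WPA2 4-way handshake is still accepted"))
    elif akms & SAE_AKMS:
        findings.append(("ok", "SAE only: no WPA2 fallback offered"))
    else:
        findings.append(("info", "SAE is not enabled on this BSS"))
    if akms & SAE_AKMS and len(groups) > 1:
        findings.append(("review", "multiple SAE groups enabled: " + " ".join(groups)))
    return findings

if __name__ == "__main__":
    for name, conf in (("transition", TRANSITION_CONF), ("sae-only", SAE_ONLY_CONF)):
        print(name, audit(conf))
```

A "high" finding means the network still offers the WPA2 fallback that the downgrade relies on; an SAE-only configuration removes it, at the cost of locking out WPA2-only devices.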
As for the two side-channel attacks, cache-based (CVE-2019-9494) and timing-based (CVE-2019-9494), Dragonfly’s password encoding method itself was found to be the culprit. It could allow attackers to perform a password partitioning attack, which is similar to an offline dictionary attack. The goal of all these attacks is to obtain the WiFi password.
“For our password partitioning attack, we need to record several handshakes with different MAC addresses. We can get handshakes with different MAC addresses by targeting multiple clients in the same network (e.g. convince multiple users to download the same malicious application). If we are only able to attack one client, we can set up rogue APs with the same SSID but a spoofed MAC address,” researchers added.
Researchers Will Release Tools to Test the Vulnerability
Apart from the above attacks, the duo also explained the risk of other attacks such as Denial of Service. The researchers are also going to release four separate tools on GitHub as proofs of concept that users can use to test for the mentioned vulnerabilities:
Dragontime: A tool to perform timing attacks against the Dragonfly handshake.
Dragondrain: A tool to test if an Access Point is vulnerable to DoS attacks against WPA3’s Dragonfly handshake.
Dragonforce: A tool that takes the information recovered from the timing attacks and performs a password partitioning attack.
Dragonslayer: A tool that performs attacks against EAP-pwd.
“Nearly all of our attacks are against SAE’s password encoding method, i.e., against its hash-to-group and hash-to-curve algorithm. Interestingly, a simple change to this algorithm would have prevented most of our attacks,” the researchers said.
The WiFi Alliance is working with vendors to patch the reported issues. If you need more information about DragonBlood or want to read the research paper, visit the official website. The researcher duo also explained how minor changes in the protocol could have prevented most of the attacks.
“The software updates do not require any changes that affect interoperability between Wi-Fi devices. Users can refer to their device vendors’ websites for more information,” the WiFi Alliance said in its press release.