Security researchers have discovered a group of vulnerabilities that affect WPA3, the new Wi-Fi security and authentication standard of the WiFi Alliance. If abused, Dragonblood, as the group is called, allows an attacker within range of a victim's network to recover the WiFi password.

In addition, an attacker can also infiltrate the target's network. This is shown in the report "Dragonblood: A Security Analysis of WPA3's SAE Handshake", written by the two security researchers, Mathy Vanhoef and Eyal Ronen.

The WiFi Alliance has announced that it has released a security update for the WPA3 standard. These problems can all be limited by software updates, without affecting the ability of devices to work well together, says the WiFi Alliance. The Alliance recommends that suppliers of WiFi products integrate the changes into their products via firmware updates as soon as possible.

KRACK attack

Vanhoef, one of the discoverers of the vulnerabilities, is the same security researcher who revealed the so-called KRACK attack on the WiFi WPA2 standard in the autumn of 2017. According to ZDNet, it was precisely for this reason that the WiFi Alliance developed WPA3.

According to the researchers, a total of five vulnerabilities are part of the Dragonblood group: a denial-of-service attack, two downgrade attacks and two side-channel information leaks. The denial-of-service attack is seen as somewhat unimportant, as it would only lead to the crashing of WPA3-compatible access points.

Downgrade attacks and side-channel information leaks

However, the two downgrade attacks and the two side-channel information leaks would offer the possibility to retrieve passwords. Both types of vulnerability exploit design flaws in the Dragonfly key exchange of the WPA3 standard, the mechanism by which clients are authenticated on a WPA3 router or access point.

In a downgrade attack, WPA3-compatible WiFi networks may be forced to use an older and less secure password exchange system. This makes it possible for attackers to retrieve the network passwords by exploiting older flaws.

In a side-channel information leak, WPA3-compatible WiFi networks can mislead devices into using weaker algorithms, which leak small amounts of information about the network password. With repeated attacks, the full password can eventually be recovered.

Extensible Authentication Protocol

Furthermore, the Dragonblood vulnerabilities would also affect the Extensible Authentication Protocol (EAP-pwd). This protocol is supported by the WPA and WPA2 WiFi authentication standards. "We discovered serious errors in most of the products that implement EAP-pwd. These allow an attacker to pretend to be a user and thus access the Wi-Fi network. For this, the attacker does not need to know the user's password," according to the researchers.

As patching is still under way, the researchers will not reveal any further details on how the Dragonblood vulnerabilities affect EAP-pwd. However, tools have already been published that can determine whether WPA3 devices are vulnerable to one of the Dragonblood vulnerabilities.


This news article was automatically translated from Dutch to give Techzine.eu a head start. All news articles after September 1, 2019 are written in native English and NOT translated. All our background stories are written in native English as well. For more information read our launch article.