Dragonblood, the team of cybersecurity researchers who a few months ago discovered severe vulnerabilities in the new WPA3 Wi-Fi security standard, are at it again. This time they have found new ways attackers could recover Wi-Fi passwords.
WPA (Wi-Fi Protected Access) is a security protocol that authenticates wireless devices to your Wi-Fi network and encrypts traffic using the Advanced Encryption Standard (AES). It also prevents attackers from reading your wireless data.
WPA3 was launched over a year ago in an attempt to address technical faults in WPA2. It appeared to be more secure because it uses SAE (Simultaneous Authentication of Equals), which was meant to protect Wi-Fi networks against offline dictionary attacks. However, this isn't the case, as Dragonblood found several weaknesses in WPA3.
Shortly afterwards, the Wi-Fi Alliance released patches to address the issue. But those recommendations were created privately, without consulting the researchers, and this backfired: Dragonblood has now found further vulnerabilities in WPA3.
New Side-Channel Attack when Using Brainpool Curves in WPA3:
The first is a timing-based side-channel attack that applies when WPA3 uses Brainpool curves, identified as CVE-2019-13377. Brainpool curves were recommended by the Wi-Fi Alliance to add another layer of security. However, this does not stop the attacks, as the new side-channel leak is in the password encoding algorithm. Attackers can use the leaked information to recover the password by brute force.
Second Attack Against FreeRADIUS’ EAP-PWD Implementation:
The second vulnerability was identified as CVE-2019-13456. It is an information leak bug located in the EAP-pwd implementation of FreeRADIUS. FreeRADIUS is a server that authenticates remote users against a central database and is the most widely used open-source RADIUS server.
Attackers could exploit it by initiating several EAP-pwd handshakes to leak information. This information can then be used to recover the user's Wi-Fi password through dictionary and brute-force attacks.
The most worrying finding is that implementing the Dragonfly algorithm and WPA3 without side-channel leaks is difficult, and that adding backwards-compatible countermeasures against these attacks on lightweight devices is extremely expensive.
This information was shared with the Wi-Fi Alliance, and Dragonblood tweeted that the new defences being added to WPA3 may lead to a WPA 3.1. Unfortunately, these new defences will not be compatible with the earlier version of WPA3.
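To illustrate why the password encoding step mentioned above is hard to implement without side-channel leaks, here is an added example in Python (not code from the researchers, from FreeRADIUS, or from any WPA3 implementation): a toy version of Dragonfly's hunting-and-pecking loop over a small constructed curve. It shows the basic iteration-count leak and the fixed-iteration mitigation, not the specific Brainpool leak reported as CVE-2019-13377; the curve parameters, KDF label and iteration bound are all assumed values, not the real WPA3 ones.

```python
import hashlib
import hmac

# Toy parameters, constructed for illustration only: a small curve
# y^2 = x^3 + A*x + B over GF(P). NOT a real WPA3/Brainpool curve.
P, A, B = 10007, 3, 7
MAX_ITER = 40             # upper bound k on loop rounds (assumed value)
LABEL = b"toy-dragonfly"  # assumed KDF label


def _candidate_x(password: bytes, counter: int) -> int:
    """Simplified KDF: derive a candidate x-coordinate from password and counter."""
    seed = hmac.new(LABEL, password + bytes([counter]), hashlib.sha256).digest()
    return int.from_bytes(seed, "big") % P


def _on_curve(x: int) -> bool:
    """Euler's criterion: is x^3 + A*x + B a square mod P (i.e. a valid point)?"""
    rhs = (x ** 3 + A * x + B) % P
    return pow(rhs, (P - 1) // 2, P) in (0, 1)


def hunt_and_peck_leaky(password: bytes):
    """Early-exit loop: returns (x, rounds). The number of rounds, and hence the
    running time, depends on the password. That is the timing leak."""
    for counter in range(1, MAX_ITER + 1):
        x = _candidate_x(password, counter)
        if _on_curve(x):
            return x, counter
    return None, MAX_ITER


def hunt_and_peck_fixed(password: bytes):
    """Fixed-iteration loop: always runs MAX_ITER rounds and keeps the first hit,
    so the round count no longer reveals anything. A real implementation would
    also replace the `if` with a constant-time select; this toy only removes
    the iteration-count leak."""
    found_x = None
    for counter in range(1, MAX_ITER + 1):
        x = _candidate_x(password, counter)
        if _on_curve(x) and found_x is None:
            found_x = x
    return found_x, MAX_ITER


def round_counts(passwords):
    """Map each password to the rounds the leaky loop took: distinct values
    mean an observer timing the handshake can tell passwords apart."""
    return {pw: hunt_and_peck_leaky(pw)[1] for pw in passwords}
```

Both variants derive the same password element; only the fixed-iteration one does the same amount of work for every password.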
Mathy Vanhoef, part of Dragonblood, believes that the whole problem arises from the Wi-Fi Alliance creating new security guidelines in private rather than discussing them in public.