Dragonblood, a team of cybersecurity researchers who discovered severe vulnerabilities in the new WPA3 Wi-Fi security a few months ago, are at it again. This time they have found new ways attackers could recover Wi-Fi passwords.

WPA (Wi-Fi Protected Access) is a security standard that authenticates wireless devices to your Wi-Fi using the Advanced Encryption Standard (AES) protocol. It also prevents attackers from gaining access to your wireless data.

Hack WPA3 Enabled Wi-Fi

WPA3 launched over a year ago in an attempt to address technical faults in WPA2. WPA3 appeared more secure because it uses SAE (Simultaneous Authentication of Equals), which is meant to protect Wi-Fi networks against offline dictionary attacks. However, this is not the case, as Dragonblood found several weaknesses in WPA3.

Shortly afterwards, the Wi-Fi Alliance released patches to address the issue. But those recommendations were created privately, without consulting any researchers, and this backfired: Dragonblood has since found further vulnerabilities in WPA3.

New Side-Channel Attack when Using Brainpool Curves in WPA3:

This is a timing-based side-channel attack that applies when Brainpool curves are used, identified as CVE-2019-13377. Brainpool curves were recommended by the Wi-Fi Alliance to add another layer of security. However, this does not stop the attacks, as the new side-channel leak is in the password encoding algorithm. Attackers can use the leaked information to brute-force the password.

Second Attack Against FreeRADIUS' EAP-pwd Implementation:

The second vulnerability was identified as CVE-2019-13456. It is an information-leak bug located in the implementation of EAP-pwd in FreeRADIUS. FreeRADIUS is a central database that authenticates remote users and is the most widely used open-source RADIUS server.

Attackers could exploit it by initiating several EAP-pwd handshakes to leak information. This information can then be used to recover the user's Wi-Fi password through dictionary and brute-force attacks.

The most worrisome thing is that implementing the Dragonfly algorithm and WPA3 without side-channel leaks is difficult, and implementing backwards-compatible countermeasures against these attacks on lightweight devices is extremely expensive.
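Both leaks above (the Brainpool timing leak in SAE and the EAP-pwd leak in FreeRADIUS) come down to the same root cause: the Dragonfly "hunting and pecking" password-to-curve encoding can take a password-dependent number of rounds, and anything an observer can time then carries information about the password. The example below is an added illustration, not code from the Dragonblood researchers, the Wi-Fi Alliance or FreeRADIUS. It uses a constructed toy curve (`P`, `A`, `B`), a constructed HMAC label and constructed sample passwords, and simplifies the real SAE derivation (which also mixes in MAC addresses and uses a proper KDF). It contrasts the leaky early-exit loop with the mitigated form that always runs a fixed number of rounds (`K = 40`, the bound the 802.11 loop uses) and selects the first hit without branching.

```python
import hashlib
import hmac

# Constructed toy curve y^2 = x^3 + A*x + B over GF(P). These parameters are an
# assumption for illustration only; they are NOT a real Brainpool or NIST curve.
P = 10007                                  # small prime modulus
A = 3
B = 7
K = 40                                     # fixed hunting-and-pecking round bound
LABEL = b"toy-dragonfly-hash-to-curve"     # constructed label, not the real SAE one


def is_quadratic_residue(v):
    """Euler criterion: True when v is a square mod P (0 counts as a square)."""
    return v == 0 or pow(v, (P - 1) // 2, P) == 1


def on_curve(x):
    """True when some y satisfies y^2 = x^3 + A*x + B (mod P) for this x."""
    return is_quadratic_residue((x ** 3 + A * x + B) % P)


def candidate_x(password, counter):
    """Derive the counter-th x candidate from the password.
    Simplified: real SAE also binds the two MAC addresses into this step."""
    seed = hmac.new(LABEL, password + counter.to_bytes(2, "big"), hashlib.sha256).digest()
    return int.from_bytes(seed, "big") % P


def encode_variable_time(password):
    """Leaky variant: returns as soon as a candidate lands on the curve.
    The number of rounds executed is a function of the password, so anyone
    who can time this call learns something about the password."""
    counter = 1
    while True:
        x = candidate_x(password, counter)
        if on_curve(x):
            return x, counter
        counter += 1


def encode_fixed_iterations(password):
    """Mitigated variant: always performs exactly K rounds and keeps the first
    hit via a branchless select, so the round count no longer depends on the
    password. Whether a hit occurred lives in an integer flag, not in control
    flow."""
    found = 0
    x_out = 0
    rounds = 0
    for counter in range(1, K + 1):
        x = candidate_x(password, counter)
        hit = int(on_curve(x))
        take = hit & (1 - found)                # 1 only on the first hit
        x_out = x_out * (1 - take) + x * take   # select without branching
        found |= hit
        rounds += 1
    return x_out, rounds


def round_counts(encoder, passwords):
    """The observable a timing attacker sees: rounds executed per password."""
    return {pw: encoder(pw)[1] for pw in passwords}


if __name__ == "__main__":
    # Constructed sample passwords for the demonstration.
    sample = [b"correct horse", b"battery staple", b"hunter2", b"letmein"]
    print("variable-time rounds:", round_counts(encode_variable_time, sample))
    print("fixed rounds:        ", round_counts(encode_fixed_iterations, sample))
```

Running it prints a spread of round counts for the early-exit encoder and a flat `40` for every password with the fixed-round encoder, while both return the same x. The fixed-round loop only removes the iteration-count channel; a production implementation also needs constant-time field arithmetic and a constant-time residue test, which Python's `pow` and the integer operations here do not provide. That is the gap the text refers to when it calls leak-free Dragonfly implementations difficult and expensive on lightweight devices.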

This information was shared with the Wi-Fi Alliance, and Dragonblood tweeted that the new defences in WPA3 might lead to WPA 3.1. Unfortunately, these new defence updates won't be compatible with the earlier version of WPA3.

Mathy Vanhoef, part of Dragonblood, believes that the whole problem arises from the Wi-Fi Alliance creating new security guidelines in private rather than discussing them in public.
