The new wireless security protocol contains multiple design flaws that hackers could exploit during the attacks on Wi-Fi passwords.
WPA3, a new Wi-Fi security protocol launched in June 2018, suffers from vulnerabilities that allow a hacker to recover the password of a wireless network by carrying out “effective and inexpensive” attacks, according to a news article of an academic journal and a website dedicated to faults.
As a reminder, the third iteration of the Wi-Fi Protected Access Protocol (WPA) aims to improve wireless security, in particular by making it almost impossible to violate a Wi-Fi network using password attacks. This security measure – courtesy of the WPA3 “Simultaneous Authentication of Equals” (SAE) handshake, commonly known as Dragonfly – could even “protect people from themselves,” in the case where a victim would have chosen easy-to-find passwords.
Not so fast, according to Mathy Vanhoef from New York University Abu Dhabi and Eyal Ronen from Tel Aviv University and KU Leuven. Their research has revealed that passwords may not be beyond the reach of hackers, as the protocol contains design flaws of two main types, which can exploit the attack.
“Unfortunately, we have found that even with WPA3, an attacker within reach of a victim can still or recover the password from the Wi-Fi network,” they type. The vulnerabilities – which have identified in the personal, not corporate, implementation of WPA3 – are collectively known as “Dragonblood.”
Dragonblood logo (wpa3.mathyvanhoef.com)
Another kind of attack, nicknamed “downgrade attack,” a hacker targets the WPA3 transition mode, in which a network can simultaneously support WPA2 and WPA3 for backward compatibility.
“If a client and an Access Point(wifi-router) both support WPA2 and WPA3, a hacker can set up a rogue AP that only supports WPA2. The client (i.e., the victim) connects using the WPA2 4-way Handshake. Although the client detects the downgrade to WPA2 during the 4way Handshake, it is too late, “according to the researchers.
The information of 4-Way Handshake that exchanged before the downgrade was detected store enough information to launch an offline password attack against the Wi-Fi. The attacker only needs to know the name of the network, alias Service Set Identifier (SSID), and to be close enough, to broadcast the fake PA.
Also, the side-channel attack, which targets the Dragonfly password encryption method, comes in two versions: based on the cache or the timing.
“The cache-based attack exploits the Dragonfly hash-to-curve algorithm, and our timing-based attack exploits the hash-to-group algorithm. The information leaked in these attacks can use to perform a password partitioning attack, which is similar to a dictionary attack, “point out Vanhoef and Ronen, who also shared scripts to test some of the vulnerabilities they have discovered.
“The resulting attacks are effective and inexpensive. For example, to Brute-force all passwords into lowercase eight characters, we need less than 40 handshakes and $ 125 of Amazon EC2 instances, “they said.
The two researchers also discovered that the built-in protections of WPA3 could be bypassed trivially against denial of service (DoS) attacks that an attacker can overload an Acess Point by throwing a large number of handshakes.
All is not lost
Vanhoef and Ronen explain that they have collaborated with the Wi-Fi Alliance and the US-CERT Coordination Center (CERT / CC), to inform all the suppliers concerned in a coordinated manner.
The Wi-Fi Alliance has acknowledged the vulnerabilities and has stated that it provides implementation advice to affected vendors. “The small number of affected device manufacturers have already started to deploy patches to resolve the problem,” according to the certification body for Wi-Fi enabled devices.
Also, Vanhoef and Ronen specify: “Our attacks could have avoided if the Wi-Fi Alliance had created WPA3 certification in a more open way. However, they point out that despite all its shortcomings, WPA3 is an improvement over WPA2.
Vanhoef is one of the researchers who, in 2017, revealed a security vulnerability in WPA2 known as the Key Reinstallation Attack (KRACK).