Security researchers discovered new vulnerabilities in the WPA3-Personal protocol which allow potential attackers to crack Wi-Fi network passwords and get access to the encrypted network traffic exchanged between the connected devices.
According to a press release from the Wi-Fi Alliance, the devices impacted by these security vulnerabilities in the WPA3 Wi-Fi standard “allow collection of side channel information on a device running an attacker’s software, do not properly implement certain cryptographic operations, or use unsuitable cryptographic elements.”
WPA3 uses Wi-Fi Device Provisioning Protocol (DPP) instead of shared passwords to sign up new devices to the network, a protocol which allows users to scan QR codes or NFC tags to log devices onto the wireless network. Additionally, unlike WPA2, all network traffic will be encrypted after connecting to a network which uses WPA3 WiFi Security.
The WPA3-Personal protocol replaces the Pre-shared Key (PSK) in WPA2-Personal with Simultaneous Authentication of Equals (SAE) to provide more robust password-based authentication.
While the WPA3-Personal was designed to substitute the less secure 14-year-old WPA2, the newer protocol’s Simultaneous Authentication of Equals (SAE) handshake—also known as Dragonfly—seems to be plagued by a number of underlying design flaws which expose users to password partitioning attacks as discovered by researchers.
Dragonblood attacks can be used to steal sensitive information
“These attacks resemble dictionary attacks and allow an adversary to recover the password by abusing timing or cache-based side-channel leaks. Our sidechannel attacks target the protocol’s password encoding method” said Mathy Vanhoef (NYUAD) and Eyal Ronen (Tel Aviv University & KU Leuven) in their research paper.
The researchers also mention on the website dedicated to the analysis of the attacks against WPA3’s Dragonfly handshake that “This can be abused to steal sensitive transmitted information such as credit card numbers, passwords, chat messages, emails, and so on.”
As explained in the abstract of the research paper, “The resulting attacks are efficient and low cost: brute-forcing all 8-character lowercase password requires less than 125$in Amazon EC2 instances.”
Since the Dragonfly handshake is used by Wi-Fi networks which require usernames and password for access control, it is also used by the EAP-pwd protocol which makes all the Dragonblood attacks found to impact WPA3-Personal ready to be used against EAP-pwd.
“Moreover, we also discovered serious bugs in most products that implement EAP-pwd. These allow an adversary to impersonate any user, and thereby access the Wi-Fi network, without knowing the user’s password,” state the two researchers, “Although we believe that EAP-pwd is used fairly infrequently, this still poses serious risks for many users, and illustrates the risks of incorrectly implementing Dragonfly.”
Researcher also found KRACK WPA2 vulnerability
The flaws found within WPA3-Personal are of two types, side-channel leaks, and downgrade attacks, and they both can be used by potential attackers to find the Wi-Fi network’s password. More detailed information on each type of attack users are exposed to on wireless networks which employ vulnerable implementations of WPA3-Personal is available HERE.
Vanhoef was also part of the research team which discovered the KRACK (short for key reinstallation attack) attacks affecting the WPA2 protocol that, at the time, impacted “all modern protected Wi-Fi networks.”
The two researchers have also created and shared open source scripts designed to test some of the vulnerabilities they discovered in the WPA3-Personal protocol:
- Dragonslayer: implements attacks against EAP-pwd (to be released shortly).
- Dragondrain: this tool can be used to test to which extend an Access Point is vulnerable to denial-of-service attacks against WPA3’s SAE handshake.
- Dragontime: this is an experimental tool to perform timing attacks against the SAE handshake if MODP group 22, 23, or 24 is used. Note that most WPA3 implementations by default do not enable these groups.
- Dragonforce: this is an experimental tool which takes the information recover from our timing or cache-based attacks, and performs a password partitioning attack. This is similar to a dictionary attack.
Wi-Fi Alliance Working With Vendors to Patch Reported Issues
The duo reported their findings to the WiFi Alliance, the non-profit organization that certifies WiFi standards and Wi-Fi products for conformity, who acknowledged the issues and are working with vendors to patch existing WPA3-certified devices.
“The software updates do not require any changes that affect interoperability between Wi-Fi devices. Users can refer to their device vendors’ websites for more information,” the WiFi Alliance says in its press release.
“The software updates do not require any changes that affect interoperability between Wi-Fi devices. Users can expect all their Wi-Fi devices, whether patched or unpatched, to continue working well together.”
You can read more information about these vulnerabilities on the DragonBlood dedicated website, and the research paper, which also explains how minor changes to the protocol could prevent most of the attacks detailed by the researchers.