WPA3 vulnerabilities can allow attackers to steal Wi-Fi passwords




The new wireless security protocol contains several design flaws that attackers could exploit to recover Wi-Fi passwords.

WPA3, a new Wi-Fi security protocol launched in June 2018, has vulnerabilities that allow an adversary to recover the password of a wireless network through "efficient and low-cost" attacks, according to a new research paper and a website dedicated to the flaws.

As a reminder, the third iteration of the Wi-Fi Protected Access (WPA) protocol aims to enhance wireless security, in particular by making it virtually impossible to break into a Wi-Fi network with password-guessing attacks. This safeguard, courtesy of WPA3's Simultaneous Authentication of Equals (SAE) handshake, better known as Dragonfly, is even meant to "save people from themselves" in the all-too-common scenario where they choose an easy-to-guess password.

Not so fast, according to Mathy Vanhoef of New York University Abu Dhabi and Eyal Ronen of Tel Aviv University and KU Leuven. Their research shows that passwords may not be out of attackers' reach after all, because the protocol contains two main types of vulnerabilities that can be exploited in attacks.

"Unfortunately, we found that even with WPA3, an attacker within range of the victim can still recover the password of the Wi-Fi network," they write. The vulnerabilities, which were identified only in WPA3-Personal and not in WPA3-Enterprise, are collectively referred to as "Dragonblood".

Dragonblood logo (wpa3.mathyvanhoef.com)

The first type, a downgrade attack, targets WPA3's transition mode, in which a single network supports WPA2 and WPA3 simultaneously for backward compatibility.

"[I]f a client and AP [access point] both support WPA2 and WPA3, an adversary can set up a rogue access point that only supports WPA2. This forces the client (i.e. the victim) to connect using WPA2's 4-way handshake. Although the client detects the downgrade to WPA2 during the 4-way handshake, it's too late," according to the researchers.

That is because the 4-way handshake messages exchanged before the downgrade is detected already provide enough information to launch an offline dictionary attack against the Wi-Fi password. All the attacker needs is to know the network name, also called the SSID (Service Set Identifier), and to be close enough to the victim to broadcast the rogue access point.
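As an added illustration (not code from the article or from the researchers), the following Python script parses the RSN information element that an access point advertises in its beacons and classifies the network as WPA2-only, WPA3-only or transition mode, the configuration the downgrade attack targets. The beacon bytes, the network names and the `audit` function are constructed for this example; the element layout (element ID 48, OUI 00-0F-AC suite selectors, AKM type 2 for PSK and 8 for SAE, MFP bits in the RSN capabilities field) follows IEEE 802.11.

```python
import struct

# IEEE 802.11 RSN information element (element ID 48). Cipher and AKM suite
# selectors are the 3-byte OUI 00-0F-AC followed by a 1-byte suite type.
RSN_ELEMENT_ID = 0x30
IEEE_OUI = b"\x00\x0f\xac"
AKM_NAMES = {1: "802.1X", 2: "PSK", 8: "SAE"}   # only the suites this audit cares about
MFPC = 0x0080   # RSN capabilities: Management Frame Protection capable
MFPR = 0x0040   # RSN capabilities: Management Frame Protection required


def parse_rsn_ie(ie: bytes) -> dict:
    """Parse an RSN IE and return its AKM suite names and MFP capability bits."""
    if len(ie) < 2 or ie[0] != RSN_ELEMENT_ID:
        raise ValueError("not an RSN element")
    body = ie[2:2 + ie[1]]
    if len(body) != ie[1]:
        raise ValueError("truncated RSN element")
    off = 0
    version, = struct.unpack_from("<H", body, off)
    off += 2
    if version != 1:
        raise ValueError("unsupported RSN version %d" % version)
    off += 4                                     # group cipher suite, not needed here
    pairwise_count, = struct.unpack_from("<H", body, off)
    off += 2 + 4 * pairwise_count                # skip the pairwise cipher list
    akm_count, = struct.unpack_from("<H", body, off)
    off += 2
    akms = [body[off + 4 * i:off + 4 * i + 4] for i in range(akm_count)]
    off += 4 * akm_count
    # The RSN capabilities field is optional; when absent no MFP bit is set.
    caps = struct.unpack_from("<H", body, off)[0] if off + 2 <= len(body) else 0
    akm_types = {s[3] for s in akms if len(s) == 4 and s[:3] == IEEE_OUI}
    return {
        "akms": sorted(AKM_NAMES.get(t, "type-%d" % t) for t in akm_types),
        "mfp_capable": bool(caps & MFPC),
        "mfp_required": bool(caps & MFPR),
    }


def classify(ie: bytes) -> str:
    """Map the advertised AKM suites to the network's WPA mode."""
    akms = parse_rsn_ie(ie)["akms"]
    has_psk, has_sae = "PSK" in akms, "SAE" in akms
    if has_psk and has_sae:
        return "transition"       # WPA2 and WPA3 side by side: the downgrade target
    if has_sae:
        return "wpa3-only"
    if has_psk:
        return "wpa2-only"
    return "other"


def build_rsn_ie(akm_types, caps: int) -> bytes:
    """Build a minimal RSN IE with CCMP ciphers and the given AKM types (constructed)."""
    body = struct.pack("<H", 1) + IEEE_OUI + b"\x04"      # version 1, group cipher CCMP
    body += struct.pack("<H", 1) + IEEE_OUI + b"\x04"     # one pairwise cipher: CCMP
    body += struct.pack("<H", len(akm_types))
    body += b"".join(IEEE_OUI + bytes([t]) for t in akm_types)
    body += struct.pack("<H", caps)
    return bytes([RSN_ELEMENT_ID, len(body)]) + body


# Constructed sample: the on-air bytes of a transition-mode RSN IE (PSK + SAE, MFP capable).
TRANSITION_IE = bytes.fromhex("3018 0100 000fac04 0100 000fac04 0200 000fac02 000fac08 8000")

# Constructed beacon set: network name -> RSN IE as an AP would advertise it.
SAMPLE_BEACONS = {
    "home-ap": TRANSITION_IE,                          # WPA2/WPA3 transition mode
    "office-ap": build_rsn_ie([8], MFPC | MFPR),       # WPA3-only, MFP required
    "legacy-ap": build_rsn_ie([2], 0),                 # WPA2-only, what a rogue AP would show
}


def audit(beacons: dict) -> dict:
    """Return name -> (mode, finding) so an operator can spot downgrade exposure."""
    findings = {}
    for name, ie in beacons.items():
        mode = classify(ie)
        info = parse_rsn_ie(ie)
        if mode == "transition":
            finding = "downgrade-exposed: WPA2 is still negotiable on this SSID"
        elif mode == "wpa3-only" and not info["mfp_required"]:
            finding = "SAE advertised without mandatory MFP"
        elif mode == "wpa2-only":
            finding = "no SAE at all; passwords are offline-guessable from any handshake"
        else:
            finding = "ok"
        findings[name] = (mode, finding)
    return findings


if __name__ == "__main__":
    for name, (mode, finding) in audit(SAMPLE_BEACONS).items():
        print("%-10s %-11s %s" % (name, mode, finding))
```

A WPA3-only network with MFP required leaves a rogue WPA2-only access point nothing to negotiate, so where every client supports WPA3 the straightforward defence is to turn transition mode off. Where it has to stay on, the only thing standing in the way is the client-side downgrade check, which, as the researchers note, fires only after the handshake has already leaked enough to attack the password offline.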

The second type, a side-channel attack, targets Dragonfly's password encoding method, known as the "hunting and pecking" algorithm. This attack comes in two variants: cache-based and timing-based.

"The cache-based attack exploits Dragonfly's hash-to-curve algorithm, and our timing-based attack exploits the hash-to-group algorithm. The information that is leaked in these attacks can be used to perform a password partitioning attack, which is similar to a dictionary attack," said Vanhoef and Ronen, who have also released scripts to test for some of the vulnerabilities they found.

"The resulting attacks are efficient and low cost. For example, to brute-force all 8-character lowercase passwords, we require less than 40 handshakes and $125 worth of Amazon EC2 instances," they wrote.

In addition, the two researchers found that WPA3's built-in protections against denial-of-service (DoS) attacks can be trivially bypassed, and that an attacker can overload an access point by initiating a large number of handshakes.

All is not lost

Vanhoef and Ronen said they worked with the Wi-Fi Alliance and the US CERT Coordination Center (CERT/CC) to notify all affected vendors in a coordinated manner.

The Wi-Fi Alliance acknowledged the vulnerabilities and said it has provided implementation guidance to the affected vendors. "The small number of device manufacturers that are affected have already started deploying patches to resolve the issue," according to the certification body for Wi-Fi-enabled devices.

Vanhoef and Ronen added that "our attacks could have been avoided if the Wi-Fi Alliance had created the WPA3 certification in a more open manner." Still, despite all its flaws, WPA3 is an improvement over WPA2, they concluded.

Notably, Vanhoef was one of the researchers who in 2017 disclosed a security flaw in WPA2 known as the Key Reinstallation AttaCK (KRACK).


Tomáš Foltýn
