Serious flaws make WPA3 vulnerable to attacks that can steal WiFi passwords


Wi-Fi Protected Access 3 (WPA3), the next-generation wireless security protocol, is affected by a few design flaws that make it vulnerable to attacks, researchers claim. WPA3 was released in 2018 as the successor to WPA2, which was released over a decade ago. WPA3 was touted as bringing several security enhancements; nevertheless, according to the new revelations, the protocol is vulnerable to password partitioning attacks.

The Wi-Fi Alliance, the organization responsible for overseeing the wireless security protocols and security certification programs, has admitted that such vulnerabilities exist and says that device manufacturers have already started to release patches for the issue.

According to a research paper published by Mathy Vanhoef of New York University, Abu Dhabi, and Eyal Ronen of Tel Aviv University, WPA3's Simultaneous Authentication of Equals (SAE) handshake, commonly known as Dragonfly, is vulnerable to password partitioning attacks. These attacks can be carried out to recover the password to a Wi-Fi network. The SAE handshake was introduced with WPA3 for home networks in order to prevent dictionary attacks; however, it has been found to have both timing-based and cache-based side-channel vulnerabilities in its password encoding method.

Referred to as Dragonblood, these vulnerabilities allowed the researchers to successfully guess the password of wireless networks protected by WPA3 security. According to the researchers, the lack of transparency in the creation of the WPA3 standard is the main cause of this security issue. Vanhoef was also responsible for discovering the KRACK security flaw: WPA2 was found to be vulnerable to KRACK attacks in October 2017, and major tech companies such as Apple, Google, and Microsoft soon had to roll out patches for their systems to address the issue. Notably, the KRACK bug was one of the reasons behind the development of WPA3.

“In light of our presented attacks, we believe that WPA3 does not meet the standards of a modern security protocol. Moreover, we believe that our attacks could have been avoided if the Wi-Fi Alliance created the WPA3 certification in a more open manner,” Mathy Vanhoef of New York University, Abu Dhabi, and Eyal Ronen of Tel Aviv University and KU Leuven stated in the research paper.

Following the release of the research papers, the WiFi Alliance came out and acknowledged the issue.

“Recently published research identified vulnerabilities in a limited number of early implementations of WPA3-Personal, where those devices allow collection of side channel information on a device running an attacker’s software, do not properly implement certain cryptographic operations or use unsuitable cryptographic elements,” Wi-Fi Alliance said in a statement. “WPA3-Personal is in the early stages of deployment, and the small number of device manufacturers that are affected have already started deploying patches to resolve the issues. These issues can all be mitigated through software updates without any impact on devices’ ability to work well together. There is no evidence that these vulnerabilities have been exploited.”


