WiFi Protected Access 3 (WPA3), the next-generation wireless security protocol, is affected by a few design flaws that make it vulnerable to attacks, according to researchers. WPA3 was released in 2018 as the successor to WPA2, which was released over a decade ago. WPA3 was touted as bringing several security enhancements; nevertheless, according to the new revelations, the protocol is vulnerable to password partitioning attacks.
WiFi Alliance, a company that is responsible for overseeing the wireless security protocols and security certification programs, has admitted that such vulnerabilities exist and says that device manufacturers have already started to release patches for the issue.
According to a research paper published by Mathy Vanhoef of New York University, Abu Dhabi, and Eyal Ronen of Tel Aviv University, WPA3’s Simultaneous Authentication of Equals (SAE) handshake, commonly known as Dragonfly, is vulnerable to partitioning attacks. Password partitioning attacks can be carried out to recover the password to a Wi-Fi network. The SAE handshake was introduced with WPA3 for home networks in order to prevent dictionary attacks; however, its password encoding method has been found to have both timing and cache-based side-channel vulnerabilities.
Referred to as Dragonblood, these vulnerabilities allowed the researchers to successfully guess the password of wireless networks protected by WPA3 security. According to the researchers, the lack of transparency in the creation of the WPA3 standard is the main cause of this security issue. To recall, Vanhoef was also responsible for finding the KRACK security flaw. WPA2 security was found to be vulnerable to KRACK attacks in October 2017. Major tech companies like Apple, Google, and Microsoft soon had to roll out patches for their systems in order to take care of the issue. Notably, the KRACK bug was one of the reasons behind the development of WPA3.
“In light of our presented attacks, we believe that WPA3 does not meet the standards of a modern security protocol. Moreover, we believe that our attacks could have been avoided if the Wi-Fi Alliance created the WPA3 certification in a more open manner,” Mathy Vanhoef of New York University, Abu Dhabi, and Eyal Ronen of Tel Aviv University and KU Leuven stated in the research paper.
Following the release of the research papers, the WiFi Alliance acknowledged the issue.
“Recently published research identified vulnerabilities in a limited number of early implementations of WPA3-Personal, where those devices allow collection of side channel information on a device running an attacker’s software, do not properly implement certain cryptographic operations or use unsuitable cryptographic elements,” Wi-Fi Alliance said in a statement. “WPA3-Personal is in the early stages of deployment, and the small number of device manufacturers that are affected have already started deploying patches to resolve the issues. These issues can all be mitigated through software updates without any impact on devices’ ability to work well together. There is no evidence that these vulnerabilities have been exploited.”