The WiFi Alliance claims that the flaws can be fixed with software/firmware updates
A STRING OF FLAWS in the WPA3 internet security standard could allow hackers to obtain the password of a WiFi network.
Launched in January 2018, WPA3 uses the Advanced Encryption Standard (AES) protocol to improve WiFi network security. However, a new research paper published by Mathy Vanhoef and Eyal Ronen shows that the protocol may not be as safe as previously thought.
“The WPA3 certification aims to secure WiFi networks, and provides several advantages over its predecessor, WPA2, such as protection against offline dictionary attacks and forward secrecy,” wrote the researchers.
“Unfortunately, we show that WPA3 is affected by several design flaws, and analyze these flaws both theoretically and practically.”
According to their findings, attackers could leverage timing or cache-based side-channel leaks to work out the password of a WiFi network.
The researchers claimed that this technique can be “abused to steal sensitive transmitted information such as credit card numbers, passwords, chat messages, emails and so on”.
They go on to say that WPA3’s Simultaneous Authentication of Equals (SAE) handshake, also known as Dragonfly, can be affected by password partitioning attacks.
“These attacks resemble dictionary attacks and allow an adversary to recover the password by abusing timing or cache-based side-channel leaks,” they said.
“Our sidechannel attacks target the protocol’s password encoding method. For instance, our cache-based attack exploits SAE’s hash-to-curve algorithm.
“The resulting attacks are efficient and low cost: brute-forcing an eight-character lowercase password requires less than $125 in Amazon EC2 instances.”
What’s more, the researchers identified a denial-of-service attack that works “by initiating a large amount of handshakes with a WPA3-enabled Access Point”.
To help people identify and mitigate these attacks, the researchers have released four proof-of-concept tools on GitHub. With them, users can test these vulnerabilities.
“Nearly all of our attacks are against SAE’s password encoding method, ie, against its hash-to-group and hash-to-curve algorithm. Interestingly, a simple change to this algorithm would have prevented most of our attacks,” added the academics.
After learning of the vulnerabilities, the WiFi Alliance released a statement: “These issues can be resolved through a straightforward software update – a process much like the software updates WiFi users regularly perform on their mobile devices.
“WPA3-Personal is in the early stages of deployment, and the small number of device manufacturers that are affected have already started deploying patches to resolve the issue.
“The software updates do not require any changes that affect interoperability between WiFi devices. Users can refer to their device vendors’ websites for more information.” µ
Source : Inquirer