Security researchers have revealed the details about a group of vulnerabilities collectively called as Dragonblood that affects the WiFi Alliance’s WPA3 Wi-Fi security and authentication standard.
WPA, or Wi-Fi Protected Access, is a standard designed to authenticate wireless devices using the Advanced Encryption Standard (AES) protocol and is intended to prevent hackers from eavesdropping on your wireless data.
The Wi-Fi Protected Access III (WPA3) protocol was launched to address technical shortcomings of the WPA2 protocol from the ground, which were considered to be insecure and vulnerable to KRACK (Key Reinstallation Attack).
WPA3 relies on a more secure handshake called Dragonfly, that aims to protect Wi-Fi networks against offline dictionary attacks. The security researchers Mathy Vanhoef and Eyal Ronen found vulnerabilities in the early implementation of WPA3-Personal, that would permit an attacker to recover WiFi passwords by abusing timing or cache-based side-channel leaks.
According to the researchers the attackers can read information that WPA3 was supposed to safely encrypt. This can be abused to steal sensitive transmitted information such as credit card numbers, passwords, chat messages, emails etc.
Vulnerabilities in WPA3 — Hacking WiFi Password
The researchers have published a research paper regarding DragonBlood, that includes two types of design flaws in WPA3—first leads to downgrade attacks and second to side-channel leaks.
WPA2 protocol was widely used by billions of devices for over 15 years and so it is not required that the WPA3 would be adopted so quickly. In order to support old devices, WPA3 Certified devices offer a “transitional mode of operation” that can be configured to accept connections using both WPA3-SAE and WPA2.
It is found that the transitional mode is vulnerable to downgrade attacks, which can be abused by attackers to set up a rogue AP that only supports WPA2, forcing WPA3-supported devices to connect using insecure WPA2’s 4-way handshake.
They also found a downgrade attack against SAE [Simultaneous Authentication of Equals handshake, commonly known as Dragonfly] where it is possible to force a device into using a weaker elliptic curve than it normally would use.
It is not necessary to perform a man-in-the-middle attack to carry out downgrade attack. The attackers have to just know the SSID of the WPA3- SAE network.
Two side-channel attacks were also pointed out by the researchers. They are Cache-based (CVE-2019-9494) and Timing-based (CVE-2019-9494) attacks against Dragonfly’s password encoding method that could let attackers to perform a password partitioning attack, similar to an offline dictionary attack, to get the Wi-Fi password.
Besides these, a Denial of Service attack can also be launched by overloading an “AP by initiating a large number of handshakes with a WPA3-enabled Access Point,” bypassing SAE’s anti-clogging mechanism that is supposed to prevent DoS attacks.
Some of these vulnerabilities also affect devices using the EAP-pwd (Extensible Authentication Protocol-Password) protocol, which is also based on the Dragonfly password-authenticated key exchange method.
The researchers have released four tools on GitHub as a proof-of-concept which can be used to test the vulnerabilities
- Dragondrain: a tool that can test to which extend an Access Point is vulnerable to Dos attacks against WPA3’s Dragonfly handshake.
- Dragontime: an experimental tool to perform timing attacks against the Dragonfly handshake.
- Dragonforce: an experimental tool that takes the information to recover from the timing attacks and performs a password partitioning attack.
- Dragonslayer: a tool that implements attacks against EAP-pwd.
Wi-Fi Alliance Working with Vendors to Patch Reported Issues
The researchers have reported their findings to the WiFi Alliance, the non-profit organization that certifies WiFi standards and Wi-Fi products for conformity. They have acknowledged the issues and are working with vendors to patch existing WPA3-certified devices.
WiFi Allaiance stated that the software updates do not require any changes that affect interoperability between Wi-Fi devices. The users can refer to their device vendors’ websites for more information and they can expect all their Wi-Fi devices, whether patched or unpatched, to continue working well together.