Vulnerabilities are discovered in the new Wi-Fi security standard 'WPA3'



A standard called “

WPA3 ” was formulated in June 2018 with the aim of improving Wi-Fi security, and by the end of 2018, compatible devices have appeared and are beginning to spread. However, within a year of its appearance, it found a way to break the security of WPA3 and it was announced and put together in a paper titled ' Dragonblood '.

Dragonblood: Analyzing WPA3's Dragonfly Handshake
https://wpa3.mathyvanhoef.com/

Security Flaws in WPA3 Protocol Let Attackers Hack WiFi Password
https://thehackernews.com/2019/04/wpa3-hack-wifi-password.html

One widely used standard as of 2019 is ' WPA2 ', which is one previous to WPA3. This is called ' KRACK ' which can intercept Wi-Fi traffic without a password Vulnerable ( At best ) It had sexual problems, and WPA3 was trying to fix those problems.



However, in the 'Dragonblood' paper published on April 10, 2019, it was pointed out that WPA3 is vulnerable to two attacks , called downgrade attacks and side channel attacks .

The spread of WPA3 compatible devices has just started, and many devices support WPA2 in case the other party does not support WPA3. A downgrade attack is an attack that uses that, and it is possible to intervene in the connection of the devices corresponding to WPA3 and make it connect by WPA2. If WPA2 can be connected, it will be possible to intercept communication using existing vulnerabilities such as KRACK.

Also, the side channel attack found in WPA3 can be made to use a weak algorithm by encryption of WPA3 equipment. If this weak algorithm is used, part of the network password will be leaked, and repeating this attack will allow an attacker to obtain a complete password.

A website called Dragonblood has been set up for this article, and tools for testing the details and vulnerabilities of articles have been published on this site.

in Security, Posted by log1d_ts