silversurfer
Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
- Aug 17, 2014
- 10,176
Two security researchers disclosed details today about a group of vulnerabilities collectively referred to as Dragonblood that impact the WiFi Alliance's recently launched WPA3 Wi-Fi security and authentication standard.
If ever exploited, the vulnerabilities would allow an attacker within the range of a victim's network to recover the Wi-Fi password and infiltrate the target's network.
In total, five vulnerabilities are part of the Dragonblood ensemble --a denial of service attack, two downgrade attacks, and two side-channel information leaks.
While the denial of service attack is somewhat unimportant as it only leads to crashing WPA3-compatible access points, the other four are the ones that can be used to recover user passwords.
Both the two downgrade attacks and two side-channel leaks exploit design flaws in the WPA3 standard's Dragonfly key exchange --the mechanism through which clients authenticate on a WPA3 router or access point.
In a downgrade attack, WiFi WPA3-capable networks can be coerced in using an older and more insecure password exchange systems, which can allow attackers to retrieve the network passwords using older flaws.
In a side-channel information leak attack, WiFi WPA3-capable networks can trick devices into using weaker algorithms that leak small ammounts of information about the network password. With repeated attacks, the full password can eventually be recovered.
More detailed explanations for each of these vulnerabilities are available in an academic paper authored by Mathy Vanhoef and Eyal Ronen, titled "Dragonblood: A Security Analysis of WPA3's SAE Handshake" --or this website dedicated to the Dragonblood vulnerabilities.