A few months back, a team of cyber security researchers discovered several serious vulnerabilities, collectively known as “Dragonblood”, in the newly launched WPA3 Wi-Fi security standard. They have recently discovered two more serious flaws that could allow attackers to crack Wi-Fi passwords. WPA, or Wi-Fi Protected Access, is a Wi-Fi security standard designed to authenticate wireless devices using the Advanced Encryption Standard (AES) protocol, and it is intended to prevent attackers from eavesdropping on wireless data.
The Wi-Fi Protected Access III (WPA3) protocol was launched just a year ago in an attempt to address, from the ground up, the technical shortcomings of the WPA2 protocol, which has long been considered insecure and was found vulnerable to the more severe KRACK attacks. WPA3, on the other hand, relies on a more secure handshake called SAE (Simultaneous Authentication of Equals), also known as Dragonfly, which aims to protect Wi-Fi networks against offline dictionary attacks. Nevertheless, in less than a year, security researchers Mathy Vanhoef and Eyal Ronen found several weaknesses, named Dragonblood, in the early implementation of WPA3 that permit attackers to recover Wi-Fi passwords by abusing timing or cache-based side-channel leaks.
Soon after that disclosure, the Wi-Fi Alliance, the non-profit organization that oversees the adoption of the Wi-Fi standard, released patches to address the issues and created security recommendations to mitigate the initial Dragonblood attacks. But it has turned out that those security recommendations, which were created privately without collaborating with the researchers, are not enough to protect users against the Dragonblood attacks. Instead, they open up two new side-channel attacks that once again allow attackers to steal Wi-Fi passwords even when the latest Wi-Fi protocols are in use.
The first vulnerability, identified as CVE-2019-13377, is a timing-based side-channel attack against the Dragonfly handshake when Brainpool curves are used. The Wi-Fi Alliance had recommended that vendors use these curves as one of its security recommendations, to add another layer of security.
The second vulnerability, identified as CVE-2019-13456, is an information leak bug that resides in the implementation of EAP-PWD (Extensible Authentication Protocol-Password) in FreeRADIUS, one of the most widely used open-source RADIUS servers, which companies use as a central database to authenticate remote users. Mathy Vanhoef, one of the two researchers who discovered the Dragonblood flaws, has said that an attacker could initiate several EAP-PWD handshakes to leak information that can then be used to recover the user’s Wi-Fi password by performing dictionary and brute-force attacks.
According to the researchers, implementing the Dragonfly algorithm and WPA3 without side-channel leaks is surprisingly hard, and backward-compatible countermeasures against all of these attacks are too costly for lightweight devices. The researchers have shared their latest findings with the Wi-Fi Alliance and have also tweeted about them.
Mathy Vanhoef has also said that it is unfortunate that the Wi-Fi Alliance created its security guidelines in private.
Source: The Hacker News