The security research team that recently found a set of vulnerabilities in the new WPA3 WiFi protocol, collectively named “Dragonblood”, has now found two more significant weaknesses in the same protocol.
WPA3 was launched about a year ago. Its main improvement is a new password-authenticated handshake called SAE (Simultaneous Authentication of Equals), also known as “Dragonfly”, which is designed to resist offline dictionary attacks: an attacker who captures the handshake should learn nothing that helps in guessing the password.
Within 12 months of the protocol’s release, the researchers Eyal Ronen and Mathy Vanhoef discovered several flaws (Dragonblood) through which an attacker can recover WiFi passwords in a number of ways.
When those vulnerabilities were reported, vendors and the WiFi Alliance released patches and countermeasures, and concerns were raised about the security of WPA3 networks. The countermeasures, however, were developed privately, without input from the security research community, and the researchers argue that this closed process is why two new side-channel attacks have now surfaced that let an attacker recover other users’ WiFi passwords.
Side-Channel Attack using Brainpool Curves
The new side-channel leak is in the password encoding algorithm of the Dragonfly handshake, the step (known as “hunting and pecking”) that converts the password into an elliptic-curve point. The researchers have confirmed that the leaked information is enough to brute-force the password offline.
The first vulnerability is tracked as CVE-2019-13377. It is a timing attack against the WPA3 handshake when Brainpool curves are used. Brainpool curves had been recommended as a countermeasure against the original Dragonblood timing leak; the researchers point out that using them introduces a second side-channel leak in Dragonfly’s password encoding.
The Attack against FreeRADIUS’ EAP-pwd
The second vulnerability is an information leak in the implementation of EAP-pwd (Extensible Authentication Protocol using a password) in FreeRADIUS. EAP-pwd authenticates users with the same Dragonfly handshake that WPA3’s SAE uses.
FreeRADIUS is an open-source RADIUS server that organizations use to authenticate users (for enterprise WiFi, VPNs and similar services), and it is the most widely deployed server for that purpose.
One of the researchers, Mathy Vanhoef, said that EAP-pwd can be made to leak enough information through its Dragonfly handshakes for an attacker to recover the user’s WiFi password with brute-force and dictionary attacks.
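Both leaks described above (the Brainpool timing channel in SAE and the EAP-pwd leak in FreeRADIUS) come down to the same thing: something observable about the Dragonfly “hunting and pecking” loop depends on the password, and that observation prunes a dictionary offline. The following Python model is an added example written for this page, not code from the researchers or from hostapd/FreeRADIUS. It assumes a toy curve over the prime 2^61-1 (not P-256 or Brainpool), a simplified HMAC-SHA256 derivation of the candidate x-coordinate, constructed MAC addresses and a constructed dictionary; the function names and the 40-iteration constant are illustrative choices.

```python
import hashlib
import hmac

# Toy curve y^2 = x^3 + A*x + B over GF(P). Assumed for illustration only; the real
# handshake uses NIST P-256 or Brainpool curves with 256-bit primes.
P = 2**61 - 1
A = -3
B = 7
FIXED_ITERATIONS = 40  # illustrative fixed loop length for the countermeasure model


def is_quadratic_residue(v):
    """Euler's criterion: v is a nonzero square mod P iff v^((P-1)/2) == 1 mod P."""
    return pow(v % P, (P - 1) // 2, P) == 1


def candidate_x(password, macs, counter):
    """One hunting-and-pecking step: derive a candidate x-coordinate from the two MAC
    addresses (as HMAC key, larger first), the password and the loop counter.
    Returns None when the derived value is not below P; the standard rejects such
    values and moves on to the next counter."""
    key = max(macs) + min(macs)
    seed = hmac.new(key, password + bytes([counter]), hashlib.sha256).digest()
    v = int.from_bytes(seed[:8], "big") >> 3  # 61 bits, the size of P (simplified KDF)
    return v if v < P else None


def on_curve(x):
    """True when x is the x-coordinate of a point on the toy curve."""
    return x is not None and is_quadratic_residue(x**3 + A * x + B)


def hunting_and_pecking(password, macs, max_iter=256):
    """Variable-time password element search: stop at the first counter whose x lies
    on the curve. The iteration count, and hence the running time, is a function of
    the password and the MAC addresses. That dependency is the side channel."""
    for counter in range(1, max_iter + 1):
        x = candidate_x(password, macs, counter)
        if on_curve(x):
            return counter, x
    raise ValueError("no password element found")


def hunting_and_pecking_fixed_iterations(password, macs, k=FIXED_ITERATIONS):
    """Countermeasure model: always run k iterations and keep the first hit, so the
    loop length no longer depends on the password. The Python branches here are still
    data-dependent; a real implementation must also select the result without
    password-dependent timing, which is where follow-up leaks tend to hide."""
    found = None
    for counter in range(1, k + 1):
        x = candidate_x(password, macs, counter)
        if on_curve(x) and found is None:
            found = (counter, x)
    return found


def observe_leak(password, ap_mac, client_mac):
    """What the attacker learns from one handshake against a variable-time
    implementation: the iteration count, inferred from timing (or, for a server that
    gives up after a fixed number of iterations, whether it gave up at all)."""
    return hunting_and_pecking(password, (ap_mac, client_mac))[0]


def prune_dictionary(candidates, ap_mac, observations):
    """Offline step: keep only the passwords whose own iteration count matches the
    leaked count for every client MAC address the attacker spoofed. Each observation
    discards about two thirds of the remaining wrong guesses."""
    return [pw for pw in candidates
            if all(hunting_and_pecking(pw, (ap_mac, client_mac))[0] == count
                   for client_mac, count in observations)]


# Constructed demo data: a target password hidden in a small dictionary, one AP, and
# 20 client MAC addresses chosen by the attacker (in SAE the client MAC is under the
# attacker's control, so each spoofed address yields a fresh observation).
AP_MAC = bytes.fromhex("001122334455")
TARGET = b"correct horse battery staple"
DICTIONARY = [b"password%d" % i for i in range(2000)] + [TARGET]
CLIENT_MACS = [bytes([0x02, 0, 0, 0, 0, i]) for i in range(20)]


def run_attack(password=TARGET):
    """Collect one leak per spoofed client MAC, then prune the dictionary with them."""
    observations = [(mac, observe_leak(password, AP_MAC, mac)) for mac in CLIENT_MACS]
    return prune_dictionary(DICTIONARY, AP_MAC, observations)


if __name__ == "__main__":
    survivors = run_attack()
    print(len(DICTIONARY), "candidates ->", len(survivors), "survivor(s):", survivors)
```

The point to take from the model is that the attacker never needs to break the handshake’s cryptography: a dozen or so spoofed handshakes against a variable-time loop reduce a dictionary to the single correct entry, and a fixed-iteration loop only helps if every remaining branch and rejection path (such as the “value not below p” check that behaves differently for Brainpool primes) is also made independent of the password.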
The researchers reported both flaws to the WiFi Alliance. According to them, the WiFi standard is being updated with proper fixes, and a new version, possibly WPA 3.1, is likely; however, these security updates will not be backwards compatible with the initial version of WPA3.
According to Mathy Vanhoef, the WiFi Alliance developed its fixes and countermeasures in private; had that work been done publicly, WPA3 could have been made more secure and these new flaws could have been avoided.