Security researchers have discovered a series of vulnerabilities in the WPA3 protocol which could allow attackers to recover the password of the Wi-Fi network.
The Wi-Fi Protected Access III (WPA3) protocol, which was launched a year ago, was claimed to make it impossible to crack the password because of its Dragonfly handshake.
Now security researchers Mathy Vanhoef and Eyal Ronen have discovered a series of issues in WPA3-Personal which an attacker could exploit to recover the password of the Wi-Fi network by abusing timing or cache-based side-channel leaks.
An attacker within range of a victim can read information that WPA3 was assumed to safely encrypt and steal sensitive transmitted information such as credit card numbers, passwords, chat messages and emails.
The researchers uncovered two types of design flaws in the WPA3 protocol: downgrade attacks and side-channel leaks. Both of these can be used to recover the password used by the Wi-Fi network.
For an easier deployment of WPA3, a transition mode was added to WPA3 that supports both WPA2 and WPA3.
This transition mode was found to be vulnerable to downgrade attacks. An attacker could abuse it by setting up a rogue AP that only supports WPA2, forcing devices to connect using the insecure WPA2’s 4-way handshake.
“Although the client detects the downgrade-to-WPA2 during the 4-way handshake, this is too late. The 4-way handshake messages that were exchanged before the downgrade was detected, provide enough information to launch an offline dictionary attack.”
The attackers could use this to perform a password partitioning attack, which is similar to a dictionary attack, and crack the Wi-Fi password.
Cache-Based Side-Channel Attack:
The password encoding algorithm of Dragonfly contains conditional branches. If an attacker could run unprivileged code on the victim machine and find out which branch was taken in the first iteration of the password generation algorithm, the attacker could abuse this to perform a password partitioning attack (similar to an offline dictionary attack).
Timing-Based Side-Channel Attack:
In this case, the password encoding algorithm uses a variable number of iterations to encode the password.
If an attacker could perform a remote timing attack against the password encoding algorithm and find out how many iterations were needed to encode the password, this information could be abused to perform a password partitioning attack similar to the offline dictionary attack.
The researchers have also shared the scripts to test the vulnerabilities discovered in the WPA3 protocol:
- Dragonslayer: implements attacks against EAP-pwd (to be released shortly).
- Dragondrain: this tool can be used to test to what extent an Access Point is vulnerable to denial-of-service attacks against WPA3’s SAE handshake.
- Dragontime: this is an experimental tool to perform timing attacks against the SAE handshake if MODP group 22, 23, or 24 is used. Note that most WPA3 implementations by default do not enable these groups.
- Dragonforce: this is an experimental tool which takes the information recovered from our timing or cache-based attacks, and performs a password partitioning attack. This is similar to a dictionary attack.
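A defender-side check for two conditions described above, transition mode and SAE use of MODP groups 22, 23 or 24, as an added example that is not from the article or the researchers' tools. It assumes the access point runs hostapd and reads its `wpa_key_mgmt` and `sae_groups` settings; the sample configuration is constructed.

```python
import re

# MODP groups the article names for the timing attack (Dragontime item).
EXPOSED_GROUPS = {22, 23, 24}

def parse_hostapd(text):
    """Split hostapd.conf text into one key -> value dict per BSS."""
    bsses = [{"_name": "(first BSS)"}]
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key == "bss":  # each bss= line starts an additional BSS
            bsses.append({"_name": value})
        else:
            bsses[-1][key] = value
    return bsses

def audit(text):
    """Return (ssid, finding) pairs for transition mode and exposed groups."""
    findings = []
    for bss in parse_hostapd(text):
        akms = set(bss.get("wpa_key_mgmt", "").split())
        if "SAE" not in akms:
            continue  # WPA3-Personal (SAE) is not offered on this BSS
        name = bss.get("ssid", bss["_name"])
        if akms & {"WPA-PSK", "WPA-PSK-SHA256"}:
            findings.append((name, "transition-mode"))  # WPA2 and WPA3 together
        groups = {int(g) for g in re.findall(r"\d+", bss.get("sae_groups", ""))}
        for group in sorted(groups & EXPOSED_GROUPS):
            findings.append((name, f"modp-group-{group}"))
    return findings

# Constructed sample configuration (assumption: hostapd-style access point).
SAMPLE = """\
interface=wlan0
ssid=office
wpa_key_mgmt=WPA-PSK SAE
sae_groups=19 22
bss=wlan0_1
ssid=lab
wpa_key_mgmt=SAE
sae_groups=19 20 21
"""

if __name__ == "__main__":
    for ssid, finding in audit(SAMPLE):
        print(f"{ssid}: {finding}")
```

A transition-mode finding is expected on networks that still have to serve WPA2 clients; it marks the networks where the downgrade described above applies.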
The researchers said they have notified the WiFi Alliance and CERT/CC about the issue and are working with vendors to patch the WPA3 devices.
The WiFi Alliance has also published a press release which can be viewed here.