WPA3 stumbles out the gate thanks to a familiar vulnerability.
When the long-awaited WPA3 rolled out in mid-2018, the last thing anyone expected was for vulnerabilities in the shiny new WiFi security protocol to be discovered before the paint was even dry.
In a cruel irony, the security flaws – dubbed Dragonblood – were identified by Mathy Vanhoef, the researcher behind the discovery of KRACK, together with Eyal Ronen. KRACK was the critical vulnerability in WPA2 that was the final nail in the coffin for WPA3’s 14-year-old predecessor and the prompt for its replacement.
While the WiFi Alliance has released a change in specification for the WPA3 standard, and hardware and software vendors have implemented the appropriate patches, the discovery of major security flaws in such quick succession is an unwelcome reminder that we should not blindly trust WiFi networks, even when they are supposedly “secure”. After all, who’s to say when the next weakness will be found or who might find it?
The Key Difference between WPA2 and WPA3
WPA2 – still the most widely used security protocol despite being phased out in favour of WPA3 – had been around for 14 years.
It was exposed in 2017 as having critical flaws that could be exploited through a method known as KRACK, which tricks a device into reinstalling a key it has already used and thereby lets an attacker within WiFi range decrypt network traffic. This meant that any information sent over the network without its own encryption, such as credit card details, passwords or private messages, could be read by an attacker and used for criminal activity.
The WPA3 protocol promised a distinct improvement because it replaces WPA2’s pre-shared key (PSK) authentication with Simultaneous Authentication of Equals (SAE), a handshake based on the Dragonfly key exchange. The 4-way handshake still follows, but the key it derives comes from SAE rather than directly from the password, so a captured handshake can no longer be used to guess the password offline.
A Recap of WPA2 Vulnerabilities
Research by Mathy Vanhoef and Frank Piessens exposed critical security flaws in the WPA2 protocol. These flaws allowed attackers to decrypt a user’s connection, making their internet traffic visible along with any personal information they shared online. Data could also be manipulated or injected into the connection, for example to insert ransomware or other malware into an unencrypted web page.
To exploit these WPA2 flaws, attackers had to be within WiFi range of the victim and launch a series of key reinstallation attacks (KRACK). To protect against them, users were advised to keep all devices up to date and install patches as soon as they were made available.
Following the discovery of KRACK, many believed WPA3 would present a significant improvement in WiFi security.
Dragonblood Vulnerabilities Discovered in WPA3
Shortly after its release, vulnerabilities were once again discovered in WPA3 by Vanhoef and Ronen, raising concerns about what other flaws may be uncovered in the future.
These flaws were largely related to the new Dragonfly handshake protocol. Crucially, this is used in networks that require password-based authentication.
Vanhoef and Ronen described five types of attack that could be executed against WPA3, collectively known as Dragonblood.
Four of these attacks were based on the exploitation of vulnerabilities in the Dragonfly handshake protocol. These were as follows:
- Security group downgrade attacks
- Timing-based side-channel attacks
- Cache-based side-channel attacks
- Denial-of-service (resource consumption) attacks
As well as flaws in the handshake itself, the researchers found that downgrade attacks against WPA3-Transition mode, in which an access point accepts both WPA2 and WPA3 clients with the same password, let an attacker set up a rogue WPA2-only copy of the network, capture a WPA2 handshake from a connecting client and run a dictionary attack against it, enabling the recovery of the network’s password.
These vulnerabilities allowed an attacker within range of the victim to recover a network’s password, either by running an offline dictionary attack against the password information leaked by the side channels or against a captured WPA2 handshake. With the password, the attacker can join or impersonate the network, monitor its traffic and steal sensitive information wherever no further protection such as HTTPS is used.
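As an added example that is not part of the original article or of any vendor guidance, the two hostapd configuration fragments below (separate files, not one) contrast the WPA3-Transition setup that the downgrade attack targets with a WPA3-only setup. The option names are hostapd’s own; sae_pwe and transition_disable need hostapd 2.10 or later, and the interface name, SSID and passphrase are placeholders.

```ini
# File 1 (before): WPA3-Transition mode. One passphrase serves both WPA2-PSK
# and SAE, so a rogue access point advertising only WPA2 can collect a 4-way
# handshake and dictionary-attack the very same password offline.
interface=wlan0
ssid=ExampleNet
wpa=2
wpa_key_mgmt=WPA-PSK SAE
rsn_pairwise=CCMP
ieee80211w=1
wpa_passphrase=CHANGE-ME-long-random-passphrase

# File 2 (after): WPA3-only. No PSK fallback, management frame protection
# required, a single strong group, hash-to-element instead of the
# hunting-and-pecking loop, and clients are told to stop accepting WPA2
# for this SSID (honoured by clients that understand the indication).
interface=wlan0
ssid=ExampleNet
wpa=2
wpa_key_mgmt=SAE
rsn_pairwise=CCMP
ieee80211w=2
sae_require_mfp=1
sae_groups=19
sae_pwe=1
transition_disable=0x01
sae_password=CHANGE-ME-long-random-passphrase
```

The second file only helps if every client on the network supports WPA3; where older devices must still connect, keep transition mode but use a long random passphrase, since the downgrade only pays off when a dictionary attack can succeed.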
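The side-channel attacks above all come down to one secret-dependent quantity: how many rounds of Dragonfly’s “hunting and pecking” loop it takes to turn the password into a point on the curve. The Python below is an added example, not code from the article or from the Dragonblood researchers. It models the loop for NIST P-256 (SAE group 19) with HMAC-SHA256 standing in for the standard’s hash and key derivation encodings (a simplification, not the 802.11 wire format), shows that the round count depends on the password and both MAC addresses, and then does what an attacker who observes that count through a timing or cache leak would do: spoof several client MAC addresses, record the count for each, and discard every dictionary candidate whose simulated counts disagree. The candidate list, MAC addresses and “true” password are constructed for the demonstration.

```python
import hashlib
import hmac

# NIST P-256 (SAE group 19): y^2 = x^3 + A*x + B over GF(P). Standard constants.
P = 0xFFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF
A = P - 3
B = 0x5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B
K = 40  # minimum number of loop rounds SAE mandates for ECC groups


def _pwd_seed(password: bytes, mac_a: bytes, mac_b: bytes, counter: int) -> bytes:
    # pwd-seed = H(MAX(mac) || MIN(mac), password || counter).
    # HMAC-SHA256 stands in for H; the byte layout is simplified (assumption).
    key = max(mac_a, mac_b) + min(mac_a, mac_b)
    return hmac.new(key, password + bytes([counter]), hashlib.sha256).digest()


def _pwd_value(seed: bytes) -> int:
    # KDF(pwd-seed, "SAE Hunting and Pecking", P) stretched to len(P) bits.
    # One HMAC-SHA256 block yields the 256 bits a P-256 x needs (simplified KDF).
    label = b"SAE Hunting and Pecking"
    out = hmac.new(seed, label + P.to_bytes(32, "big"), hashlib.sha256).digest()
    return int.from_bytes(out, "big")


def _is_square_mod_p(n: int) -> bool:
    # Euler's criterion: n != 0 is a quadratic residue mod P iff n^((P-1)/2) == 1.
    return pow(n, (P - 1) // 2, P) == 1


def first_hit_counter(password: bytes, mac_a: bytes, mac_b: bytes) -> int:
    """Round in which hunting-and-pecking first lands on a valid curve x.

    The value depends on the password and both MAC addresses. An implementation
    whose running time or memory-access pattern depends on it (the timing and
    cache side channels of Dragonblood) hands this number to an attacker.
    """
    for counter in range(1, 256):
        x = _pwd_value(_pwd_seed(password, mac_a, mac_b, counter))
        if x >= P:
            continue  # out of range: a secret-dependent skip, itself observable
        if _is_square_mod_p((x * x * x + A * x + B) % P):
            return counter
    raise ValueError("no password element in 255 rounds (practically impossible)")


def password_element_x(password: bytes, mac_a: bytes, mac_b: bytes) -> int:
    """Fixed-round variant: always runs K rounds and keeps the first valid x.

    A fixed round count is the structure the standard intends; a genuinely
    constant-time implementation must also remove the data-dependent branches
    that remain below, which Python cannot guarantee.
    """
    found = None
    for counter in range(1, K + 1):
        x = _pwd_value(_pwd_seed(password, mac_a, mac_b, counter))
        if found is None and x < P and _is_square_mod_p((x * x * x + A * x + B) % P):
            found = x
    if found is None:
        raise ValueError("no password element in K rounds (practically impossible)")
    return found


def simulate_leak(true_password: bytes, ap_mac: bytes, client_macs: list) -> list:
    # What a leaky access point reveals: one round count per client MAC. The
    # attacker chooses the client MAC, so it can gather as many samples as it likes.
    return [(mac, first_hit_counter(true_password, ap_mac, mac)) for mac in client_macs]


def prune_dictionary(candidates, ap_mac: bytes, leaked) -> set:
    # Offline: drop every candidate whose simulated round counts differ from the leak.
    survivors = set(candidates)
    for mac, count in leaked:
        survivors = {pw for pw in survivors if first_hit_counter(pw, ap_mac, mac) == count}
    return survivors


# Constructed sample data (not from the paper): spoofed client MACs and a tiny wordlist.
AP_MAC = bytes.fromhex("0211223344aa")
CLIENT_MACS = [bytes.fromhex("02aabbccdd") + bytes([i]) for i in range(12)]
DICTIONARY = [b"password", b"sunshine1", b"letmein!", b"dragonfly",
              b"qwerty123", b"football", b"iloveyou", b"welcome1"]
TRUE_PASSWORD = b"sunshine1"


def demo() -> set:
    # Twelve leaked samples against an eight-word list: the wrong words fall away.
    leaked = simulate_leak(TRUE_PASSWORD, AP_MAC, CLIENT_MACS)
    return prune_dictionary(DICTIONARY, AP_MAC, leaked)


if __name__ == "__main__":
    print("leaked round counts:", [c for _, c in simulate_leak(TRUE_PASSWORD, AP_MAC, CLIENT_MACS)])
    print("surviving candidates:", demo())
```

Each leaked sample matches a wrong candidate only about a third of the time, so a dozen samples cut a wordlist by a factor of roughly a million; the pruning is pure offline computation, which is why the paper could price the attack in cloud-compute dollars rather than in radio time near the victim.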
Soon after the discovery of Dragonblood, the WiFi Alliance alerted manufacturers and updated the WPA3 specification, and vendors released patches (hostapd and wpa_supplicant 2.8 among them) so that those already using WPA3 were protected against the published attacks.
Don’t Rely On Your Network For Security
Though the specification has been updated and vendors have patched their WPA3 implementations, the discovery of the Dragonblood weaknesses so soon after its release is concerning. The fact that these flaws were found less than two years after the discovery of KRACK suggests that it is only a matter of time before more weaknesses are discovered, and highlights how even password-protected networks fail to offer complete security.
Simon Migliano, Head of Research at Top10VPN, says: ‘Considering that the paint was barely dry on WPA3 before serious security flaws were discovered, it’s not unrealistic to expect that further vulnerabilities may yet be discovered in time.’
Migliano recommends users take extra security measures such as using a VPN ‘for all sensitive communications.’ A VPN encrypts all traffic between the device and the VPN provider’s server, so anyone eavesdropping on the WiFi network sees only ciphertext. Note that this protection covers only the hop to the VPN server; beyond it, traffic is protected only by whatever the application itself uses, such as HTTPS.
Dragonblood vulnerabilities in WPA3 have demonstrated that WiFi networks alone should not be relied upon for the security and protection of your data.
The discovery of the KRACK weaknesses in WPA2 led consumers to believe that WPA3 promised a vast improvement to WiFi security. Dragonblood has shown that, whatever its improvements, the new protocol is not immune to the same class of flaws.
With that in mind, consumers should use extra measures, such as a VPN and HTTPS for everything that matters, to limit the chances of falling victim to an attack on their network. Relying on your WiFi protocol alone for security is never likely to be enough.