Dragonblood vulnerabilities disclosed in WiFi WPA3 standard

guest · Apr 10, 2019

Dragonblood vulnerabilities disclosed in WiFi WPA3 standard
Dragonblood vulnerability discovered by the same security researcher who discovered the KRACK attack on WPA2
April 10, 2019
https://www.zdnet.com/article/dragonblood-vulnerabilities-disclosed-in-wifi-wpa3-standard/

Two security researchers disclosed details today about a group of vulnerabilities collectively referred to as Dragonblood that impact the WiFi Alliance's recently launched WPA3 Wi-Fi security and authentication standard.
THE DRAGONBLOOD VULNERABILITIES
In total, five vulnerabilities are part of the Dragonblood ensemble --a denial of service attack, two downgrade attacks, and two side-channel information leaks.
DARGONBLOOD ALSO IMPACTS EAP-PWD
Besides WPA3, researchers said the Dragonblood vulnerabilities also impact the EAP-pwd (Extensible Authentication Protocol) that is supported in the previous WPA and WPA2 WiFi authentication standards.

The two researchers didn't publish details how the Dragonblood vulnerabilities impact EAP-pwd because the patching process is still in progress. They did, however, publish tools that can be used to discover if WPA3-capable devices are vulnerbale to any of the major Dragonblood flaws.
Click to expand...

guest · Apr 11, 2019

WPA3 Wi-Fi no more secure than WPA2, researchers claim
April 11, 2019
https://appleinsider.com/articles/19/04/11/wpa3-wi-fi-no-more-secure-than-wpa2-researchers-claim

"In light of our presented attacks, we believe that WPA3 does not meet the standards of a modern security protocol," wrote authors Mathy Vanhoef and Eyal Ronen, quoted by Ars Technica. The pair argued that many of the same attacks continue to work and will likely remain effective for years, especially with lower-cost Wi-Fi devices.

WPA3 makes use of a technology dubbed "Dragonfly," more formally Simultaneous Authentication of Equals. This improves a previous four-way "handshake" with a Pairwise Master Key as well as "forward secrecy." In combination, the idea was that WPA3 would be more resistant to password guessing attacks.
The simplest WPA3 exploits involve a transition mode that lets WPA3-ready devices work in backwards compatibility with those that aren't. Another set involves side-channel leaks that leak info about the passwords being used.

In a response, the Alliance said that the paper "identified vulnerabilities in a limited number of early implementations of WPA3-Personal, [...]"
Neither the researchers nor the Alliance have identified any "Dragonblood" exploits being used by real-world hackers.
Click to expand...

guest · Aug 3, 2019

New Dragonblood vulnerabilities found in WiFi WPA3 standard
Two new Dragonblood bugs allow attackers to recover passwords from WPA3 WiFi networks
August 3, 2019
https://www.zdnet.com/article/new-dragonblood-vulnerabilities-found-in-wifi-wpa3-standard/

Yesterday, the same security researchers disclosed two new additional bugs impacting the same standard.

Just like the original Dragonblood vulnerabilities from April, these two new ones allow attackers to leak information from WPA3 cryptographic operations and brute-force a WiFi network's password.
THE TWO BUGS EXPLAINED
The first bug is CVE-2019-13377 and this impacts the WPA3's Dragonfly handshake when using Brainpool curves.
The second bug is CVE-2019-13456 and this impacts the EAP-pwd implementation in the FreeRADIUS framework -- used by many vendors to support WiFi connectivity.
WIFI ALLIANCE'S CLOSED STANDARDS DEVELOPMENT
The researchers said they reported these two new bugs to the WiFi Alliance.
"[The] Wi-Fi standard is now being updated with proper defenses, which might lead to WPA3.1," Vanhoef said.
Click to expand...

guest · Aug 6, 2019

Recovering Wi-Fi Password via Dragonblood Attack Costs $1 of Computing Power
August 6, 2019
https://www.securityweek.com/recovering-wi-fi-password-dragonblood-attack-costs-1-computing-power

Earlier this year [...] these password partitioning attacks, which are similar to a dictionary attack, could be launched using $125 worth of Amazon EC2 computing power for an 8-character lowercase password.

Vanhoef and Ronen also reported that they managed to bring down the cost of launching a brute-force attack, using GPUs, to less than $1 worth of Amazon EC2 instances.
“Fortunately, as a result of our research, both the Wi-Fi standard and EAP-pwd are being updated with a more secure protocol. Although this update is not backwards-compatible with current deployments of WPA3, it does prevent most of our attacks,” the researchers said.
Click to expand...

BoerenkoolMetWorst · Jul 19, 2021

The researcher, Vanhoef confirmed that the side channel attacks are fixed with Hash-to-Element:

Use WPA3. New devices certified by the WiFi alliance require the support of "hash-to-element" which fixes side-channel attacks.
Click to expand...

https://twitter.com/vanhoefm/status/1410134225743921154?s=21

I found this and also another security feature:

Now wi-fi-alliance had updrade the WPA3 security with below:

Hash-to-Element: feature is available now and will be mandatory December 2021
Hash-to-Element is a new method by which the secret password element used in the SAE protocol is generated from a password.Hash-to-Element is based on an algorithm that is considered a cryptographic best practice and is significantly more computationally efficient than the previous “hunting-and-pecking” method, and provides robust resistance to side channel attacks

SAE Public Key (SAE-PK): optional feature is available now
Mitigates rogue (or “evil twin”) AP attacks by providing asymmetric (public key) authentication of the AP, combined with mutual isolation of clients on the network
(From https://www.wi-fi.org/members/wi-fi-alliance-security-requirements)
Click to expand...

https://community.synology.com/enu/forum/2/post/143390
(Link to forum post as the WiFi Alliance page does not seem to be publicly available.

Note that Windows is just adding Hash-to-Element in the upcoming Windows 10 21H2, so it may take a while before both clients and routers support it. Not sure if an OS update is enough or new WiFi drivers are also needed.

Log in or Sign up

Dragonblood vulnerabilities disclosed in WiFi WPA3 standard

guest Guest

guest Guest

guest Guest

guest Guest

BoerenkoolMetWorst Registered Member

Log in or Sign up

Dragonblood vulnerabilities disclosed in WiFi WPA3 standard

guest Guest

guest Guest

guest Guest

guest Guest

BoerenkoolMetWorst Registered Member

Useful Searches