// Security NEWS // WPA3 Flaws Allow the New Wi-Fi Networks Hacking

The new encryption standard is vulnerable to downgrade and side-channel attacks that hackers can use to steal Wi-Fi passwords. Fortunately, patches are already available.

Source

Security researchers Mathy Vanhoef and Eyal Ronen have unveiled attacks on the WPA3 encryption protocol, which was finalized in June 2018.

Flaws in an entirely new protocol

Called Dragonblood, they rely on flaws found in the new negotiation protocol ("Dragonfly handshake") and recover the Wi-Fi networks password for individuals (WPA3-Personal).

Two of them work by downgrading. In the first case, the attacker can take advantage of the access points’ backward compatibility and force the switch from WPA3 to WPA2, then perform a dictionary attack. In the second case, it can force the use of weaker encryption algorithms, and therefore potentially vulnerable.

Two other attacks make it possible to find the password via a so-called "partitioning" technique, which is like the dictionary one. The idea is to reduce the calculation amount thanks to information retrieved by an auxiliary channel.

In the first case, it is the number of iterations performed by WPA3 to encrypt the password during the initialization phase ("handshake"). In the second case, it will inspect accesses to the victim's PC cache to glean details from branch execution.

This last case however requires that the attacker can execute a malware on the victim’s computer. The researchers also took advantage of this announcement to unveil a denial of service attack on the WPA3 protocol.

What does this entail

No need to panic. First, the WPA3 standard is still relatively unpublished in the consumer market, which limits the risk. Moreover, the flaws related to these attacks can be corrected by a firmware update, as specified in a statement from Wi-Fi Alliance. The first patches are already in transit.

Note that the vulnerabilities found by security researchers also affect the EAP-PWD authentication standard, which uses the Dragonfly protocol and is deployed in some enterprise Wi-Fi networks. The researchers have not yet released the details of the possible attacks on EAP-PWD, because the patches are more complicated to put in place.

Stay Informed, Stay Safe

• I've made a lot of articles with tools, explanations and advises to show you how to protect your privacy and to secure your computer, GO check them out!

  • This is my guide to secure your PC after a fresh installation of Windows

  • If you think that your phone or your PC has been hacked, you have to check it right now!

  • That's how you can be more Anonymous on the internet!

  • The future of Cyber-Security, what to expect?

  • The best crypto debit card – Wirex!

  • These are the best VPN to protect your numeric life: NordVPN, ExpressVPN and CyberGhost!

  • Your PC is slow? That's why!

  • Why is it important to be discreet on the Internet

  • The 4 security measure to put in place on your WIFI router

  • The security guide everyone must have on holidays!

  • Feel hot? Your computer also!

  • How an adware works?

  • That's how you should guard against Trojan!

  • Why antiviruses are not your friend?!

  • Basics tools to protect your privacy and your computer

  • What are the different types of hackers?