Everything you need to know about DragonBlood to hack WPA3 password for Wi-Fi

WPA, or Wi-Fi Protected Access, is a standard protocol designed to authenticate wireless devices using the Advanced Encryption Standard (AES) and to keep attackers from tapping into the wireless network. Although WPA2 is more secure than the earlier security protocols, it is vulnerable to some major attacks such as KRACK (Key Reinstallation Attack).


In June 2018, the Wi-Fi Alliance released WPA3, the successor to WPA2, with goals that include increasing encryption strength, providing strong authentication and encryption features, and giving IoT Wi-Fi devices better and more secure access.


We are approaching the first anniversary of the WPA3 protocol, yet security researchers have already revealed severe weaknesses in it. These flaws are serious enough that they could allow an attacker to recover a Wi-Fi password.

Security researchers Mathy Vanhoef and Eyal Ronen discovered weaknesses in early implementations of WPA3-Personal. These vulnerabilities allow an attacker to recover the Wi-Fi password by exploiting timing or cache-based side-channel leaks.

According to the researchers, "In a significant way, an attacker can then read information that WPA3 has safely encrypted." This can be abused to steal sensitive transmitted information such as credit card numbers, passwords, chat messages, e-mail messages, etc.

Major security flaws in WPA3

 

Although the latest Wi-Fi security standard, WPA3, relies on Dragonfly, a more secure authentication handshake designed to prevent offline dictionary attacks, other risks cannot be ignored. In a published research paper titled DragonBlood, the security researchers describe two types of flaws in WPA3: the first leads to downgrade attacks and the second to side-channel leaks.



WPA2 is nearly 15 years old, and wide adoption of WPA3 will certainly not happen overnight. The Wi-Fi Alliance has no option other than to support legacy devices. WPA3 devices therefore provide a "transition mode" in which they accept connections using both WPA3-SAE and WPA2. This transition mode is vulnerable to downgrade attacks: an attacker can set up a fake access point that only supports WPA2, forcing WPA3-capable devices to connect using the less secure WPA2 authentication.

"We have also discovered a reduced SAE attack, known as Dragonfly itself, where we can force the device to use a weaker elliptic curve than is normally used," the researchers said.
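A defender can check a Wi-Fi survey for the conditions behind the transition-mode downgrade described above. The following is an added example, not code from the researchers or the original article; the SSIDs, BSSIDs and the `known_bssids` allowlist are constructed for illustration, and the survey data is assumed to have been collected already.

```python
from collections import defaultdict

# AKM suite selectors (OUI 00-0F-AC) as advertised in the RSN element of beacons.
AKM_PSK = {"00-0F-AC:2", "00-0F-AC:6"}   # WPA2-Personal (PSK, PSK-SHA256)
AKM_SAE = {"00-0F-AC:8"}                 # WPA3-Personal (SAE / Dragonfly)

# Constructed sample survey: (ssid, bssid, advertised AKM suites).
SAMPLE_SURVEY = [
    ("corp-wifi",  "02:00:00:00:00:01", {"00-0F-AC:8"}),
    ("corp-wifi",  "02:00:00:00:00:02", {"00-0F-AC:8"}),
    ("corp-wifi",  "02:00:00:00:00:99", {"00-0F-AC:2"}),
    ("guest-wifi", "02:00:00:00:01:01", {"00-0F-AC:2", "00-0F-AC:8"}),
    ("lab-wifi",   "02:00:00:00:02:01", {"00-0F-AC:8"}),
]

def classify(akms):
    """Return 'wpa3-only', 'transition', 'wpa2-only' or 'other' for one BSS."""
    psk, sae = bool(akms & AKM_PSK), bool(akms & AKM_SAE)
    if psk and sae:
        return "transition"
    if sae:
        return "wpa3-only"
    return "wpa2-only" if psk else "other"

def audit(survey, known_bssids=frozenset()):
    """Return a sorted list of (ssid, bssid, finding) tuples."""
    by_ssid = defaultdict(list)
    for ssid, bssid, akms in survey:
        by_ssid[ssid].append((bssid, classify(akms)))
    findings = []
    for ssid, entries in by_ssid.items():
        # Does any BSS for this SSID offer SAE at all?
        offers_sae = any(m in ("wpa3-only", "transition") for _, m in entries)
        for bssid, mode in entries:
            if mode == "transition":
                # Accepts WPA2 and WPA3: clients can be steered to WPA2.
                findings.append((ssid, bssid, "transition-mode"))
            elif mode == "wpa2-only" and offers_sae:
                # WPA2-only BSS on an SSID that otherwise offers SAE.
                kind = "legacy-ap" if bssid in known_bssids else "unknown-wpa2-only-bssid"
                findings.append((ssid, bssid, kind))
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit(SAMPLE_SURVEY):
        print(*finding)
```

An `unknown-wpa2-only-bssid` finding is either a forgotten legacy access point or a candidate rogue one; passing the site's inventory as `known_bssids` separates the two.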

The other two attacks are side-channel attacks, cache-based (CVE-2019-9494) and time-based (CVE-2019-9494), and they target the Dragonfly password encryption method itself. They could allow an attacker to perform a password-splitting attack, which is similar to an offline dictionary attack. The goal of all these attacks is to obtain the Wi-Fi password.

"For our password-splitting attack, we need to register multiple authentications using different MAC addresses. We can get authentication using different MAC addresses by targeting multiple clients on the same network (for example, persuading multiple users to download the same malicious application). If we are only able to attack a single client, we can set up access points with the same SSID but using a spoofed MAC address."

Apart from the above-mentioned attacks, the duo explained the risks of other attacks such as denial of service. The researchers will also release four separate proof-of-concept tools on GitHub that users can use to test for these vulnerabilities:

    Dragontime: A tool to perform timing attacks against Dragonfly authentication.
    Dragondrain: A tool to test whether an access point is vulnerable to DoS attacks against Dragonfly WPA3 authentication.
    Dragonforce: A tool to protect against timing attacks and to execute a password-splitting attack.
    Dragonslayer: A tool that implements attacks against EAP-PWD.




The Wi-Fi Alliance is working with the companies that develop routers to correct the reported issues. If you need more information about DragonBlood or want to read the paper, visit the official website.

"Software updates do not require any changes that affect interoperability between Wi-Fi devices. Users can go back to their hardware vendors' sites for more information," said the Wi-Fi Alliance in its press release.




















