
By Shannon Morse, Threatwire 

WPA3, the newest generation of the Wi-Fi Protected Access protocol, was released about 15 months ago and at the time was touted as being very resistant to password-based attacks. Last Wednesday, security researchers Mathy Vanhoef and Eyal Ronen released a research paper detailing several attacks against WPA3, titled "Dragonblood: A Security Analysis of WPA3's SAE Handshake". WPA3 does have advantages over WPA2: it is designed to resist offline dictionary attacks and it provides forward secrecy, but it comes with many flaws as well. The research shows that WPA3's Simultaneous Authentication of Equals handshake (SAE for short, also known as Dragonfly) is affected by password partitioning attacks. These resemble dictionary attacks: the attacker abuses timing- or cache-based side-channel leaks to learn which candidate passwords are consistent with what was observed, discards the rest, and repeats until only the real password remains. The researchers detail each of the attacks they were able to test, as well as mitigation techniques and minor changes that can prevent most of them.

The SAE handshake replaces the WPA2 four-way handshake, in which an attacker within radio range can passively capture enough material to run an offline dictionary attack against the network password. Dragonblood shows that many of the attacks used against WPA2 networks can be brought back against WPA3. The researchers state in their paper that had the Wi-Fi Alliance heeded early advice about the password encoding used in WPA3, this wouldn't have been an issue. But since the new protocol is already in effect and many vendors are already implementing it, the best option now is to mitigate the problem with patches. EAP-pwd, an Extensible Authentication Protocol method that uses the same Dragonfly handshake, is vulnerable to the Dragonblood attacks as well. Enterprise networks that don't enable EAP-pwd are not vulnerable to any of them.

The first attack takes advantage of WPA3's backwards compatibility with devices that don't support the new protocol (the so-called transition mode, in which an access point accepts both WPA2 and WPA3 clients). The network's SSID is broadcast in its beacons and trivial to pick up with ready-made pentesting tools, so the attacker can set up a rogue access point with the same name that advertises only WPA2. A client that supports both will connect to the attacker's WPA2 network instead of the WPA3 one and start a four-way handshake, which the attacker captures. The client eventually notices the downgrade and aborts, but by then the captured handshake messages are already enough for an offline dictionary attack. The downgrade attacks don't stop there: the researchers were also able to jam and forge Dragonfly handshake messages so that the handshake falls back to a weaker security group (a weaker elliptic curve or MODP group) than the peers would normally negotiate. These downgrade attacks work on many devices from many different manufacturers.
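One check a defender can run against the downgrade described above is to compare what every access point claiming a given SSID advertises in its RSN information element: a BSSID that offers only PSK authentication while another BSSID with the same SSID offers SAE has the shape of a WPA2-only rogue AP. The following is an added example written for this page, not code from the Dragonblood paper or from any Wi-Fi tool; the RSN IE layout and the 00-0F-AC suite selectors are from the 802.11 standard, while the beacon list, SSIDs, BSSIDs and IE bytes are constructed for illustration.

```python
import struct

# RSN information element (tag 48) body, i.e. after the tag and length bytes:
#   version(2, LE) | group cipher suite(4) | pairwise count(2, LE) |
#   pairwise suites(4 each) | AKM count(2, LE) | AKM suites(4 each) | caps(2) ...
# Every suite selector is a 3-byte OUI followed by a 1-byte type.
RSN_OUI = b"\x00\x0f\xac"
AKM_PSK, AKM_PSK_SHA256, AKM_SAE, AKM_FT_SAE = 2, 6, 8, 9


def parse_rsn_akms(body: bytes) -> list:
    """Return the AKM suite type numbers advertised in an RSN IE body."""
    if len(body) < 10:
        raise ValueError("RSN IE too short")
    version, = struct.unpack_from("<H", body, 0)
    if version != 1:
        raise ValueError(f"unsupported RSN version {version}")
    off = 2 + 4                                  # skip version and group cipher suite
    pairwise_count, = struct.unpack_from("<H", body, off)
    off += 2 + 4 * pairwise_count                # skip the pairwise cipher suites
    akm_count, = struct.unpack_from("<H", body, off)
    off += 2
    if len(body) < off + 4 * akm_count:
        raise ValueError("truncated AKM suite list")
    akms = []
    for _ in range(akm_count):
        oui, suite_type = body[off:off + 3], body[off + 3]
        if oui == RSN_OUI:                       # ignore vendor-specific selectors
            akms.append(suite_type)
        off += 4
    return akms


def classify(akms: list) -> str:
    """Label an AKM list as WPA3-only, WPA3-transition, WPA2-PSK or other."""
    has_sae = AKM_SAE in akms or AKM_FT_SAE in akms
    has_psk = AKM_PSK in akms or AKM_PSK_SHA256 in akms
    if has_sae and has_psk:
        return "WPA3-transition"
    if has_sae:
        return "WPA3-only"
    if has_psk:
        return "WPA2-PSK"
    return "other"


def find_downgrade_candidates(beacons):
    """beacons: iterable of (ssid, bssid, rsn_ie_body).

    Flag every BSSID that advertises PSK without SAE for an SSID that some
    other BSSID advertises with SAE. A legitimate transition-mode AP also
    offers PSK, but it offers SAE alongside it, so it is not flagged."""
    by_ssid = {}
    for ssid, bssid, body in beacons:
        by_ssid.setdefault(ssid, []).append((bssid, classify(parse_rsn_akms(body))))
    flagged = []
    for ssid, entries in by_ssid.items():
        sae_seen = any(mode in ("WPA3-only", "WPA3-transition") for _, mode in entries)
        if sae_seen:
            flagged.extend((ssid, bssid) for bssid, mode in entries if mode == "WPA2-PSK")
    return flagged


# Constructed RSN IE bodies (not captured traffic). Group and pairwise cipher
# are CCMP (00-0F-AC:4); the trailing two bytes are the RSN capabilities.
RSN_TRANSITION = bytes.fromhex("0100 000fac04 0100 000fac04 0200 000fac02 000fac08 8c00")
RSN_WPA2_ONLY = bytes.fromhex("0100 000fac04 0100 000fac04 0100 000fac02 0000")
RSN_WPA3_ONLY = bytes.fromhex("0100 000fac04 0100 000fac04 0100 000fac08 c000")

# Constructed beacon survey: SSIDs and BSSIDs are made up.
SAMPLE_BEACONS = [
    ("CoffeeShop", "de:ad:be:ef:00:01", RSN_TRANSITION),  # legitimate transition-mode AP
    ("CoffeeShop", "de:ad:be:ef:00:02", RSN_WPA2_ONLY),   # same SSID, PSK only: suspicious
    ("OfficeNet", "de:ad:be:ef:00:03", RSN_WPA3_ONLY),
    ("LegacyNet", "de:ad:be:ef:00:04", RSN_WPA2_ONLY),    # plain WPA2 network, no SAE anywhere
]

if __name__ == "__main__":
    for ssid, bssid in find_downgrade_candidates(SAMPLE_BEACONS):
        print(f"possible downgrade target: {ssid} via {bssid}")
```

The heuristic only says an AP looks like a downgrade target; a multi-AP deployment where one unit was never upgraded to WPA3 trips it too, which is itself worth knowing, since such an AP exposes clients to exactly the same offline dictionary attack.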

Side-channel leaks were also possible. In the cache-based attack, a malicious app or script running on the victim's device observes the memory access patterns of the password encoding during the handshake, which reveals information about the password. A related timing attack measures how long the handshake takes to respond: the password encoding loop runs a number of iterations that depends on the password and on the MAC addresses involved, so the response time leaks that iteration count. Combined with a dictionary, these leaks let an attacker recover the password in very little time. Lastly, the researchers could also run a denial-of-service attack against a WPA3 access point that keeps devices from connecting. Each of these attacks was responsibly disclosed to vendors, and they all have CVEs on file. The Wi-Fi Alliance has posted a security bulletin detailing the issues and their identifiers, and recommends updating devices.
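To make the timing leak and the password partitioning it enables concrete, here is an added toy model written for this page; it is not code from the paper or from any Wi-Fi implementation. The loop structure follows Dragonfly's "hunting and pecking" for MODP groups as it behaved before the patches (seed from both MAC addresses, derive a candidate value, reject it if it is not below the prime, otherwise map it into the subgroup and stop), but the tiny prime, the SHA-256 stand-in for the real KDF, the MAC addresses and the wordlist are all assumptions chosen so the effect shows in well under a second.

```python
import hashlib
import hmac

# Toy MODP-style group. Assumption: tiny parameters so the effect is visible;
# real SAE MODP groups use 1024-bit and larger primes, and the real derivation
# uses an HMAC-based KDF with the label "SAE Hunting and Pecking".
P = 587                # prime; 10 bits, so a random 10-bit value is below P about 57% of the time
Q = 293                # prime subgroup order, P = 2*Q + 1
BITS = P.bit_length()


def hunting_and_pecking(password: bytes, mac_a: bytes, mac_b: bytes, max_iter: int = 255):
    """Derive the password element PE and return (PE, iterations_used).

    Mirrors the pre-patch MODP behaviour: the loop exits as soon as a valid
    element is found, so the iteration count depends on the password and on
    both MAC addresses, and the time taken to answer a handshake leaks it."""
    key = max(mac_a, mac_b) + min(mac_a, mac_b)        # SAE orders the two MACs this way
    for counter in range(1, max_iter + 1):
        pwd_seed = hmac.new(key, password + bytes([counter]), hashlib.sha256).digest()
        stretched = hashlib.sha256(pwd_seed + b"SAE Hunting and Pecking").digest()
        pwd_value = int.from_bytes(stretched, "big") & ((1 << BITS) - 1)
        if pwd_value >= P:
            continue                                     # rejected: one wasted iteration
        pe = pow(pwd_value, (P - 1) // Q, P)             # map into the order-Q subgroup
        if pe > 1:
            return pe, counter
    raise ValueError("no password element found")


def partition_dictionary(candidates, ap_mac: bytes, observations):
    """Keep only the candidates whose iteration count matches every observation.

    observations: list of (client_mac, iterations) the attacker inferred by
    timing the AP's replies to SAE Commit frames sent from spoofed client MACs.
    Each observation splits the wordlist into matching and non-matching parts;
    the real password is always in the matching part."""
    return [
        pw for pw in candidates
        if all(hunting_and_pecking(pw, ap_mac, mac)[1] == n for mac, n in observations)
    ]


# Constructed scenario (not a real network): the attacker knows the AP's MAC
# and holds a wordlist that happens to contain the real passphrase.
AP_MAC = bytes.fromhex("02aabbccdd01")
REAL_PASSWORD = b"correct horse battery"


def simulate_attack(n_probes: int = 12, wordlist_size: int = 2000):
    """Run the partitioning attack end to end; returns (candidates, observations, survivors)."""
    candidates = [f"password{i}".encode() for i in range(wordlist_size)] + [REAL_PASSWORD]
    observations = []
    for i in range(n_probes):
        client_mac = bytes.fromhex("02000000") + i.to_bytes(2, "big")   # spoofed client MAC
        # The attacker cannot run this line; it stands in for timing the AP's reply.
        _, iters = hunting_and_pecking(REAL_PASSWORD, AP_MAC, client_mac)
        observations.append((client_mac, iters))
    survivors = partition_dictionary(candidates, AP_MAC, observations)
    return candidates, observations, survivors


if __name__ == "__main__":
    candidates, observations, survivors = simulate_attack()
    print("iteration counts inferred from timing:", [n for _, n in observations])
    print(f"{len(candidates)} candidates -> {len(survivors)} survivors: {survivors}")
```

Each spoofed client MAC gives the attacker a fresh, independent partition of the wordlist, which is why a handful of timed handshakes is enough to single out the real passphrase from thousands of candidates offline. The patched implementations remove the leak by always running a fixed number of iterations regardless of when the element is found.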

To fix these problems, manufacturers will need to ship patches and software updates for their devices. Users should update their firmware as soon as updates are available and make sure they're using strong, long passphrases.
