Major vulnerabilities found in new WiFi standard

News
By Anthony Spadafora
published

Dragonblood vulnerabilities could allow hackers to recover user's Wi-Fi passwords

Image Credit: Flickr (Image credit: Image Credit: Chris Oakley / Flickr)

The WiFi Alliance's recently launched WPA3 Wi-Fi security and authentication standard could potentially allow hackers to infiltrate user's networks by exploiting a new group of vulnerabilities discovered by two security researchers.

The vulnerabilities discovered by the researchers, collectively referred to as Dragonblood, would allow a potential attacker within range of a victim's network to recover their Wi-Fi passwords and infiltrate the target's network.

In total, the researchers discovered five vulnerabilities: a denial of service attack, two downgrade attacks and two side-channel information leaks.

The denial of service attack is a less severe vulnerability as it only leads to crashing any WPA3-compatible access points but the other four could be used to recover user passwords.

Dragonblood vulnerabilities

The researchers have called the vulnerabilities they discovered Dragonblood since both downgrade attacks and both the side-channel leaks take advantage of design flaws in the WPA3 standard's Dragonfly key exchange.

The downgrade attacks work by putting pressure on WIFI WPA3-capable networks to use an older and less secure password exchange system that could allow hackers to retrieve network passwords using older flaws.

Side-channel information leak attacks on the other hand, work by tricking devices on WiFI WPA3-capable networks into using weaker algorithms that leak small amounts of information about the network password. Over time and with repeated attacks though, the full password can be recovered.

Following the release of information on these vulnerabilities, the WiFi Alliance reassured users that they had not been exploited by cybercriminals yet in a press release, saying:

“These issues can all be mitigated through software updates without any impact on devices’ ability to work well together. There is no evidence that these vulnerabilities have been exploited.”

Via ZDNet

Anthony Spadafora
Anthony Spadafora

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.