WPA3 Dragonblood: vulnerability in the new standard

WPA3 Dragonblood: A new vulnerability discovered in the WPA3 standard has been named Dragonblood (because it affects the WPA3 handshake). It can be exploited for DoS attacks against a vulnerable access point or to steal sensitive data (such as passwords) from a Wi-Fi network.

"Attackers can read information that WPA3 is supposed to protect by encryption. This can be used to steal sensitive information such as credit cards, passwords, chats, emails, etc., if no additional protection is used, such as HTTPS," say researchers Mathy Vanhoef and Eyal Ronen.

WPA3 Dragonblood attack methods

The flaw allows an attacker to mount DoS attacks, overloading an access point that uses the WPA3 standard by triggering countless handshakes.

The researchers also reported downgrade attacks, in which an attacker forces a user connecting to a vulnerable access point to use the 4-way handshake of the WPA2 standard, and so gathers enough information to start a dictionary attack. In another attack, the attacker can downgrade the cryptography used during the WPA3 Dragonfly handshake, forcing the user and the access point to use weaker encryption.
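A defender can check an access point's configuration for the two downgrade paths described above. The following is an added example, not from the original article or the researchers: it audits a hostapd-style configuration, where wpa_key_mgmt and sae_groups are hostapd option names, while the finding codes, function names and sample configs are constructed for illustration, and treating the SAE group list as the parameter that can be negotiated down is this example's assumption.

```python
# Added example: audit a hostapd-style config for downgrade exposure.
# Finding codes and sample configs are constructed for illustration.

def parse_conf(text):
    """Parse key=value lines, skipping blanks and '#' comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        conf[key.strip()] = value.strip()
    return conf

def audit(text):
    """Return the list of finding codes for one access point config."""
    conf = parse_conf(text)
    akms = set(conf.get("wpa_key_mgmt", "").split())
    if "SAE" not in akms:
        return ["NO_SAE"]  # not a WPA3-Personal network at all
    findings = []
    # Transition mode: the passphrase is also accepted over WPA2-PSK, so a
    # client can be pushed onto the WPA2 4-way handshake.
    if akms & {"WPA-PSK", "WPA-PSK-SHA256"}:
        findings.append("WPA2_FALLBACK")
    # More than one enabled SAE group leaves room to negotiate down to the
    # weakest one. Assumption: an unset sae_groups means a single group (19).
    if len(conf.get("sae_groups", "19").split()) > 1:
        findings.append("MULTIPLE_SAE_GROUPS")
    return findings

# Constructed sample: WPA3 offered alongside WPA2, several groups enabled.
TRANSITION = """
ssid=example-net
wpa=2
wpa_key_mgmt=SAE WPA-PSK
sae_groups=19 20 21
"""

# Constructed sample: WPA3-only, one SAE group.
HARDENED = """
ssid=example-net
wpa=2
wpa_key_mgmt=SAE
sae_groups=19
"""

if __name__ == "__main__":
    for name, conf in (("transition", TRANSITION), ("hardened", HARDENED)):
        print(name, audit(conf) or "no findings")
```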

Side-channel attacks, both cache-based and timing-based, can exploit a vulnerability in the Dragonfly algorithm, allowing an attacker to carry out a password-cracking attack (a partitioning attack, similar to an offline dictionary attack) to obtain the Wi-Fi password.

"The resulting attacks are effective and low-cost: full-character bruteforcing and 8-character password length require less than $125 in Amazon EC2 instances," the researchers said.

More details about each of the attacks mentioned above can be found in the paper (PDF) that the researchers published on WPA3 Dragonblood.

The researchers have not yet published all the details, because the findings also affect EAP-pwd, the authentication protocol supported in the WPA and WPA2 standards.

"Unfortunately, our attacks against WPA3 also work for EAP-pwd, which means that an attacker can even recover a user's password when using EAP-pwd. In addition, we found serious bugs in most EAP-pwd products that allow the attacker to emulate any user. This way he can access the Wi-Fi network without knowing the user's password."

"Although we believe that EAP-pwd is used quite rarely, it still poses serious risks to many and shows the dangers of the incorrect implementation of Dragonfly."

Researchers have published tools that can be used to check if an access point is vulnerable to any of the aforementioned attacks, but have refrained from releasing a tool that facilitates attacks against EAP-pwd (though they say they will do so soon).

The researchers disclosed their findings to the Wi-Fi Alliance, which issued a statement explaining that the problems identified "affect a limited number of early implementations of WPA3-Personal" (one of the two WPA3 modes) and can be resolved with a software update, which users can obtain from the Wi-Fi device vendor's page.

"WPA3-Personal is in the early stages of development and the small number of affected device manufacturers have already begun developing fixes for the problem. Software updates do not require changes that affect interoperability between Wi-Fi devices," said the Wi-Fi Alliance.

______________

iGuRu.gr The Best Technology Site in Greece

Written by giorgos
