Two computer security researchers have uncovered vulnerabilities in the new Wi-Fi security protocol, WPA3. However, there is no reason to be alarmed.
A new security protocol is not guaranteed to be inviolable. The recent mishap of Wi-Fi Protected Access 3 (WPA3), which aims to better protect the wireless links established between an access point (such as a home router) and a client (a PC, for example), is an illustration of this. The successor to WPA2, which is now widely deployed, has just experienced its first misstep. In principle, with WPA3, it is almost impossible to crack the password of a computer network.
However, two researchers specializing in computer security, Eyal Ronen and Mathy Vanhoef (who already made a name a few years ago with Krack, a major vulnerability that was discovered in 2017 in … WPA2), have uncovered a way to exploit vulnerabilities.
Code name: Dragonblood
Roughly, the strategy of the two experts is to focus on the key exchange procedure called the “Dragonfly handshake”.
To put it simply, this exchange validates the association between the wireless access point and a terminal that connects to it. In all, five vulnerabilities were identified, collectively known as “Dragonblood”, an obvious reference to Dragonfly. Their work is presented in a technical document: “These attacks look like password dictionary attacks and allow an opponent [within range of the targeted network, editor's note] to recover the password by abusing timing or cache-based side-channel leaks. Our side-channel attacks target the method of encoding WPA3 protocol passwords.” On a site with more accessible explanations, the two authors state that the flaws involved “may be misused to recover the password of the Wi-Fi network” or be used to “force terminals to use weaker security elements”.
These five vulnerabilities fall into two categories: one consists of attacks that downgrade the security of WPA3-compatible devices, the other exploits weaknesses in the “Dragonfly handshake” exchange. According to the authors, exploiting these vulnerabilities does not require extraordinary resources, even if several conditions must be met in advance to carry the attacks out. “The resulting attacks are effective and inexpensive,” they say. The downgrade attack “can be exploited with existing WPA2 cracking tools and equipment”. As for the other, it can be carried out with remote computing power, for example by using a cloud computing service such as Amazon EC2.
According to the authors, it is possible, for example, to find by brute force (that is to say, by testing all possible combinations) any password that is up to 8 characters long and contains only lowercase letters, all in a short time. Leasing an EC2 instance for this purpose would cost only $125.
Do not worry
One question remains: are you vulnerable? No. The WPA3 protocol was indeed certified last year by the Wi-Fi Alliance, the body that brings together manufacturers of wireless systems, but equipment that is compatible with this new standard is still very rare, and it is very rare among the general public.
It will take a long time to see WPA3 supplant WPA2. In addition, according to the Wi-Fi Alliance, the vulnerabilities in question are relatively small and are already being addressed by software fixes: the two authors first alerted the consortium so that it could take the appropriate measures before they publicized Dragonblood. This is known as responsible disclosure, a practice that gives all parties time to act. “The small number of affected device manufacturers has already started deploying fixes to resolve the problems. These can all be mitigated by software updates without affecting the ability of devices to work together,” writes the alliance.
In addition, “there is no evidence that these vulnerabilities have been exploited” by malicious third parties. The consortium also points out that WPA3, including some of its modes (WPA3-Personal), is “in the early stages of deployment”. The implication is clear: it is not abnormal at this stage to find software gaps, to note the use of inadequate cryptographic elements, or to encounter concerns about the implementation of WPA3. This is the job of security researchers.