Dragonblood Vulnerabilities Are Discovered to Impact WPA3 Wi-Fi Security and Passwords

We’re about to step into the third decade of the 21st century, and yet passwords remain crucial for our cybersecurity. In this entry, we would like to talk more about Wi-Fi security, and how passwords can be leaked even with the newest security protocols in use.

We are spurred by the latest findings related to the WPA3 Wi-Fi security protocol, which should make password cracking virtually impossible. Unfortunately, there are cracks in this supposedly impenetrable wall that could be exploited by cybercriminals. We will discuss these vulnerabilities, and we will also talk about Wi-Fi security measures any regular user can enforce.

What is WPA3?

We have covered WPA3 extensively in our blog before, but let’s recap a little bit if you have forgotten about this protocol or you are just hearing about it for the first time.

To put it simply, WPA stands for “Wi-Fi Protected Access.” These are Wi-Fi security protocols created and developed by the Wi-Fi Alliance. To leave the tech-speak behind, those protocols are there to make Wi-Fi networks safer. They’re there to make sure that not just anyone can connect to a network. Let’s think of a WPA as a lock that protects a certain wireless network.

And so, WPA3 is the newest “lock” that offers a higher Wi-Fi security standard. WPA3 comes with something that is called the “Dragonfly handshake.” Every WPA has a handshake. As you can probably tell from the name, it refers to a certain connection. A WPA handshake is a connection between the Wi-Fi network and the device that is trying to access it. And the WPA3 protocol comes with an improved type of handshake. The developers maintain that the Dragonfly handshake makes it impossible for hackers to record the four-way handshake, thus rendering them unable to launch an offline dictionary attack.

To delve a little bit deeper into this, WPA3 comes with four new features and the Dragonfly handshake is one of them. Aside from making it almost impossible to hack into the network, it also provides forward secrecy. The new Wi-Fi security protocol also gives the user a new secure method to add devices to the network, and it has protective mechanisms that use unauthenticated encryption to protect devices in open networks. Finally, it comes with increased key sizes (192-bit), and they will be mandatory if the entity is certified as WPA3-Enterprise.

So, everything looks nice and secure, but if it were perfect, we wouldn’t be writing this entry, right? Why are we still concerned about how passwords are leaked if we have this new Wi-Fi security protocol that should make things super secure?

Well, every new entity that is related to cybersecurity requires double-checking. And we are sure that the Wi-Fi Alliance was very thorough in creating the new security protocol, but a little bit of third-party research is always a good idea. Consequently, security researchers Mathy Vanhoef and Eyal Ronen have analyzed the Dragonfly handshake and they discovered several vulnerabilities that could severely dent the Wi-Fi security offered by WPA3. They have called these vulnerabilities Dragonblood, and discussed them in greater detail in their findings.

What is Dragonblood?

We could say that the Dragonfly handshake has two major flaws. Those are downgrade attacks and side-channel leaks. Both flaws can be exploited to steal Wi-Fi network passwords. If anyone could break into the network after obtaining the network password, then the Wi-Fi security would be compromised, and the attackers could easily read sensitive data such as credit card numbers, chat messages, emails, personal passwords, and so on.
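For readers who run their own access point, both flaw classes map onto settings that can be checked. The Python check below is an added example, not from the original article or from the researchers: it audits a hostapd-style configuration for mixed WPA2/WPA3 ("transition") mode, which is what keeps a downgrade to the older handshake possible, for optional management-frame protection, and for the SAE groups the Dragonblood research associated with timing leaks. The two sample configurations are constructed; `wpa_key_mgmt`, `ieee80211w` and `sae_groups` are hostapd option names, and treating an unset `sae_groups` as group 19 is an assumption.

```python
# Constructed sample configs (not from the article); values are illustrative.
TRANSITION_CONF = """\
ssid=home-net
wpa_key_mgmt=WPA-PSK SAE
ieee80211w=1
sae_groups=19 22 28
"""

WPA3_ONLY_CONF = """\
ssid=home-net
wpa_key_mgmt=SAE
ieee80211w=2
sae_groups=19
"""

# Groups the Dragonblood research reported as prone to timing leaks:
# MODP groups 22-24 and Brainpool curves 28-30.
LEAKY_GROUPS = {22, 23, 24, 28, 29, 30}

def parse_conf(text):
    """Parse key=value lines, ignoring blanks and # comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        conf[key.strip()] = value.strip()
    return conf

def audit(text):
    """Return a list of findings for one hostapd.conf body."""
    conf = parse_conf(text)
    findings = []
    akms = set(conf.get("wpa_key_mgmt", "").split())
    if "SAE" not in akms:
        findings.append("no-sae")              # WPA3-Personal not enabled at all
    elif akms & {"WPA-PSK", "WPA-PSK-SHA256"}:
        findings.append("transition-mode")     # WPA2 still accepted: downgrade possible
    if "SAE" in akms and conf.get("ieee80211w", "0") != "2":
        findings.append("pmf-not-required")    # management-frame protection optional
    groups = {int(g) for g in conf.get("sae_groups", "19").split()}  # assumed default: 19
    if groups & LEAKY_GROUPS:
        findings.append("leaky-sae-group")
    return findings

if __name__ == "__main__":
    for name, body in (("transition", TRANSITION_CONF), ("wpa3-only", WPA3_ONLY_CONF)):
        print(name, audit(body))
```

An empty result means none of the three conditions was found in the file; it says nothing about whether the device firmware itself carries the Dragonblood fixes, which still depends on installing the vendor's updates.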

The researchers have also found vulnerabilities in the Extensible Authentication Protocol (EAP) that is used by WPA3. This authentication framework is not an authentication mechanism, but it helps other authentication methods work. It’s like a mediator that enables around forty different authentication methods to function properly. Vanhoef and Ronen say that one of these methods, EAP-pwd, can be considered a liability when it comes to WPA3 security.

If someone manages to design an attack against EAP-pwd, they could recover the user’s passwords and, as a result, the criminals could impersonate any user without the need to steal passwords directly. Luckily, this authentication method isn’t used frequently, but the security issue is real, and it should definitely be addressed in the future to enhance Wi-Fi security.

What’s more, when researchers unearth vulnerabilities in important security protocols, software, or other entities related to cybersecurity, they notify the concerned parties immediately. Consequently, this helps them improve their products and services. As far as the Dragonblood vulnerability is concerned, the Wi-Fi Alliance also issued the following statement on their website:

Recently published research identified vulnerabilities in a limited number of early implementations of WPA3™-Personal <…> do not properly implement certain cryptographic operations, or use unsuitable cryptographic elements. <…> These issues can all be mitigated through software updates without any impact on devices’ ability to work well together. There is no evidence that these vulnerabilities have been exploited.

This shows that software and security developers are aware of the latest research, and they react to it accordingly. In other words, regular users don’t need to lose sleep wondering how their passwords might be leaked. Regular users should just do whatever is possible on their part to ensure their Wi-Fi network security.

What could a regular user do though? Well, for one, do not leave your Wi-Fi network open, and always protect it with a strong password. Your network provider should give you a default router password when your network is set up, but you can always change it into something stronger. If you find it hard to come up with strong passwords yourself, you can always use a free password manager tool that would generate unique passwords for you automatically.

Also, you do not need to worry about Dragonblood and WPA3 as of yet. This security protocol is still in its testing stages, so by the time it gets adopted globally, you can be sure that most of its vulnerabilities and bugs will be fixed. Wi-Fi security specialists agree that WPA3 is still safer than WPA2, and if your router supports WPA3, you just need to make sure that it has the latest updates.

May 13, 2019