A group of researchers known as Dragonblood (Mathy Vanhoef and Eyal Ronen
We first met this team of experts in April when they discovered weaknesses in WPA3 that could be exploited to recover WiFi passwords by abusing timing or cache-based side-channel leaks.
The WiFi Protected Access 3
The WPA Wireless security standard was designed to authenticate wireless devices using the Advanced Encryption Standard (AES) protocol and to establish secure connections that hackers cannot spy on.
WPA3 replaced the WPA2 that is currently used by billions of devices every day, it implements important improvements for Wi-Fi enabled devices, it aims at enhancing configuration, authentication, and encryption issues.
The new standard leverages SAE (Simultaneous Authentication of Equals) handshake to introduce the use of forward secrecy in order to protect communications in case the secret password has been compromised.
The Enterprise mode implements 192-bit encryption for networks that require extra security.
Now Dragonblood experts devised two new
The first issue, tracked as CVE-2019-13377, is a timing-based side-channel attack against WPA3’s Dragonfly handshake when using Brainpool curves.
“During our initial disclosure, the Wi-Fi Alliance privately created security recommendations to mitigate our attacks. In these recommendations, they claim that Brainpool curves are safe to use, at least if products securely implement Dragonfly’s quadratic residue test (i.e.
“However, we found that using Brainpool curves introduces the second class of side-channel leaks in the Dragonfly handshake of WPA3. In other words, even if the advice of the WiFi Alliance is followed, implementations remain at risk of attacks.”
Experts pointed out that the new
The second issue, tracked as CVE-2019-13456, is an information leak flaw that resides the implementation of EAP-
“Apart from this, we also discovered a new implementation-specific side-channel in the EAP-
The security duo reported their findings to the WiFi Alliance that addressed the issues with an update, but the mitigations wouldn’t be compatible with the initial version of WPA3.
Experts detailed their research in a paper Dragonblood: Analyzing the Dragonfly Handshake of WPA3 and EAP-