‘Dragonblood’ Flaw In WPA3 Lets Hackers Easily Grab Your Wi-Fi Passwords

In late 2017, KRACK Attack crippled the popular 13-year-old WPA2 Wi-Fi standard used in our homes, offices, and public networks. The flaw allowed hackers to gain access to unencrypted traffic between the access point and the device — there were possibilities of breaking encryption as well.

Months later, the Wi-Fi Alliance released the WPA3 protocol to bring improved wireless security to users as well as to those who didn’t meet the minimum password security requirements. Now, it seems that even WPA3 isn’t completely secure due to some inherent design flaws. The newly found flaws can help an attacker to crack the passwords and further access the encrypted traffic exchange taking place among the devices.

In a research paper titled Dragonblood, published by security researchers Mathy Vanhoef and Eyal Ronen, it has been revealed that WPA3’s secure handshake called Simultaneous Authentication of Equals (SAE), commonly known as Dragonfly, is affected by password partitioning attacks.

For those who don’t know, such attacks are very much like the popular dictionary brute-forcing attacks coupled with the abuse of cache-based side channel leaks. “These allow an adversary to impersonate any user, and thereby access the Wi-Fi network, without knowing the user’s password,” the researchers wrote.

What makes this attack even more worrying is its cost-effectiveness and high efficiency. For example, to brute-force an 8-character lowercase password, one needs to spend less than $125 to run calculations in the cloud.

The researchers have made recommendations that WPA3 protocol doesn’t meet the standards when it comes to ensuring the security of our Wi-Fi networks and that it needs further improvement. However, they’ve called it an improvement over the WPA2 standard.

The researchers have also informed the Wi-Fi Alliance about these flaws, and they’ve worked closely with the organization to fix the issue. The patches for the same have been released, and they’ll be made available via the usual software updates on different devices. So, updating your devices and installing the latest patches is the only way to move forward.

Also Read: Your Android Phone Is Now A Physical Security Key — Here’s How To Use It

Share
Published by

Recent Posts

  • News
  • Security

WhatsApp, Telegram Vulnerable To ‘Media File Jacking’: Change Your Settings Now!

Instant messaging apps like WhatsApp and Telegram keep your messages encrypted in transit, but once a media file reaches your…

July 15, 2019
  • Offer

Best Prime Day Deals For 2019 On Amazon US (So far…)

Amazon is back with the extremely cheap deals that it uses to lure shopping addicts. Just like last year, we…

July 15, 2019
  • News
  • Tech

Realme X With 16MP Popup Camera And SD 710 Launched In India

Realme's much-awaited smartphone Realme X has finally launched in India today. The smartphone comes with a 6.53-inches Full HD+ Super…

July 15, 2019
  • News
  • Science
  • Tech

Scientists Capture First-Ever Image Of Quantum Entanglement

Albert Einstein, the famous physicist, described quantum entanglement as "spooky action at a distance." The phenomenon is said to occur…

July 15, 2019
  • DriveX
  • News

Maruti Suzuki Ertiga Electric Could Be Your Next ‘Green’ SUV

Maruti Suzuki Ertiga is rumored to be the next electric car in the company's stable, according to LiveMint. The news…

July 15, 2019
  • Geek
  • News

RetroArch Emulation Platform Is Coming To Steam On July 30

In what appears to be the biggest emulation platform launch so far, the popular emulator RetroArch is coming to Steam…

July 15, 2019