WPA3 Already Broken

Many of you have heard about WPA because it is used on all modern wireless networks to keep your network, and your network traffic, safe and secure. WPA stands for Wi-Fi Protected Access. The first iteration of WPA was in 2003 and replaced WEP (Wired Equivalent Privacy). In 2006, WPA2 was released and we have been living with this standard for 13 years. In 2017, hackers were successful in cracking WPA2, and several patches have been issued to maintain WPA2.

WPA3 was released in June 2018 and claimed to be the most secure version ever released and extremely difficult to attack. Another goal of WPA3 was easy implementation on IoT devices. WPA3 is a new technology and because it is not widely implemented, it was designed to be backwards compatible with WPA2. WPA3 is based on a more secure handshake known as Dragonfly. Dragonfly is designed to protect Wi-Fi networks against offline dictionary attacks.

The vulnerabilities found in WPA3 have been named Dragonblood. There is a total of 5 vulnerabilities- a denial of service attack (DoS), two downgrade attacks, and two side-channel information leaks. The DoS attack only impacts the local access point and there is no compromise of data or password leakage. The two side channel vulnerabilities are much more serious, however. They have been labeled in the CVE catalog as Cache-Based Side-Channel Attack (CVE-2019-4994) and Timing-Based Side-Channel Attack (CVE-2019-9494). For more information about Dragonblood, go to https://wpa3.mathyvanhoef.com/.

If you would like more information, contact us here or call 937.885.7272.

Follow us on FacebookTwitter and LinkedIn and stay up to date on by subscribing to our email list.

Posted by Jack Gerbs