Researchers have discovered new vulnerabilities that affect the Wi-Fi WPA3 standard. Referred to collectively as Dragonblood, the vulnerabilities allow attackers to steal network password and infiltrate the target’s network.
Specifically, Dragonblood comprises a total of five vulnerabilities. These vulnerabilities consist of a denial of service attack, two downgrade attacks, and two side-channel information leaks. The denial of service attack is not really significant, it only crashes the WPA3 compatible access point. The remaining four, on the other hand, are the ones that the Wi-Fi Alliance is warning people about.
In a downgrade attack, the Wi-FI WPA3 standard is forced into using an older password exchange system. The older system (WPA2) is more insecure and has a handful of vulnerabilities for attackers to exploit.
Additionally, the side channel leak attacks trick the devices into using a weaker algorithm to leak fragments of information about the network password. Eventually, the attackers will collect enough information to piece it together and recover the entire password for the network.
Fortunately, the Wi-Fi Alliance swiftly responded to the issue; it says that it will be releasing a security patch for the WPA3 standard. After which, it will be up to vendors to send out the security patch via firmware updates to their Wi-Fi products.
(Source: XDA Developers, Mathy Vanhoef and Eyal Ronen, Wi-Fi Alliance)
