Wi-Fi WPA3 Standard Fails Again as New ‘Dragonblood’ Bugs Found

The Wi-Fi Alliance’s WPA3 standard is under fire again. This time, researchers find more vulnerabilities that could lead to passcodes being cracked.

It’s the same team that found the first five Dragonblood bugs—in April. Now they’re adding two more, also concluding it’s even easier than they thought to crack keys from side-channel leaks.

This just adds to the chorus of criticism aimed at the Wi-Fi Alliance for developing standards in secret. In today’s SB Blogwatch, we open our kimono.

Your humble blogwatcher curated these bloggy bits for your entertainment. Not to mention: DIY supercaps.


WPA3 FAIL

What’s the craic? Novak Bozovic reports—“Two New Dragonblood Vulnerabilities”:

 Back in April, [we] reported about five vulnerabilities in the Wi-Fi WPA3 standard. Collectively known as ‘Dragonblood Vulnerabilities’, these allow attackers to take advantage of WPA3 … cryptographic operations with the goal of stealing Wi-Fi passwords.

The two cyber-security researchers that … found the initial vulnerabilities have now discovered two additional bugs.

The Wi-Fi Alliance is now updating the Wi-Fi standard with proper defenses. … If you’re concerned about your privacy, you should wait for a firmware update for your router.

Details. We want ’em. Catalin Cimpanu has ’em—“Vulnerabilities found in WiFi WPA3 standard”:

 in April, two security researchers disclosed … five vulnerabilities (collectively known as Dragonblood) in the Wi-Fi Alliance’s recently launched WPA3 … security and authentication standard. Yesterday, the same security researchers disclosed … additional bugs.

Mathy Vanhoef and Eyal Ronen — found these two new bugs in the security recommendations the WiFi Alliance created for equipment vendors. [Vanhoef] is the one who discovered the KRACK attack that broke the WPA2 … standard and forced the Wi-Fi Alliance to develop the WPA3 standard.

The first bug is CVE-2019-13377 and this impacts the WPA3’s Dragonfly handshake when using Brainpool curves. Dragonfly is the key exchange mechanism.

The second bug is CVE-2019-13456 and this impacts the EAP-pwd implementation in the FreeRADIUS framework … supported in the previous WPA and WPA2 WiFi authentication standards, that is also supported for legacy purposes in WPA3.

The horses’ mouths? Mathy Vanhoef and Eyal Ronen detail “New Results”:

 We found that using Brainpool curves introduces a second class of side-channel leaks in the Dragonfly handshake. [So] even if the advice of the Wi-Fi Alliance is followed, implementations remain at risk of attacks. This demonstrates that implementing Dragonfly and WPA3 without side-channel leaks is surprisingly hard.

We confirmed the new Brainpool leak in practice against the lastest Hostapd version, and were able to brute-force the password using the leaked information. … More worrisome, we found that the Wi-Fi firmware of Cypress chips only executes 8 iterations at minimum to prevent side-channel leaks. … This strengthens our hypothesis that the backwards-compatible countermeasures … are too costly for lightweight devices.

Timing attacks against EAP-pwd clients are feasible in practice as well. … It’s exceptionally hard to implement all parts of WPA3 without introducing side-channel leaks.

It also, once again, shows that privately creating security recommendations and standards is at best irresponsible and at worst inept.

With which @InfosecFM firmly agrees:

 Wpa3 [is] fail number 4. When can we make a standard as crucial as WiFi open source?

But Tom Hollingsworth—@NetworkingNerd—balances that with:

 It’s a fair point about the lack of open source involvement, but are they wanting an IEEE/IETF style arrangement where standards take years because of egos?

However, WaffleMonster points out these aren’t bugs in the specification itself:

 Timing side channels are implementation bugs.

Downgrade attacks were obvious to all out of the gate. The only way to win is not to allow it in the first place.

How easy is it to exploit these bugs? Eduard Kovacs found this wrinkle in the new research:

 [The] researchers have found … it only takes $1 worth of AWS computing power to obtain the password.

Wi-Fi? AHuxley don’t need no stinkin’ Wi-Fi:

 Just use ethernet. … Any device with wifi? Turn off wifi. Plug in the ethernet.

Meanwhile, jezwel offers a pragmatic solution:

 I set all my passwords to Hunter2, what’s the point of trying to remember them all when they’re gonna get cracked anyway?

And Finally:

Build A Super Simple Supercapacitor Step by Step


You have been reading SB Blogwatch by Richi Jennings. Richi curates the best bloggy bits, finest forums, and weirdest websites… so you don’t have to. Hate mail may be directed to @RiCHi or sbbw@richi.uk. Ask your doctor before reading. Your mileage may vary. E&OE.

Image source: Grant Scharoff (cc:by-sa)

Featured eBook
Speed and Scale: How Machine Identity Protection is Crucial for Digital Transformation and DevOps

Speed and Scale: How Machine Identity Protection is Crucial for Digital Transformation and DevOps

Digital transformation requires new approaches to security, demanding the protection of machine identities that enable authentication and encryption required for secure machine-to-machine communication. Solving machine identity protection challenges within DevOps environments, requires a fundamentally new approach. Information Security teams must deliver a frictionless, automated solution that allows DevOps engineers to seamlessly provision and manage certificates ... Read More
Venafi

Richi Jennings

Richi is a foolish independent industry analyst, editor, writer, and fan of the Oxford comma. He’s previously written or edited for Computerworld, Petri, Microsoft, HP, Cyren, Webroot, Micro Focus, Osterman Research, Ferris Research, NetApp on Forbes and CIO.com. His work has won awards from the American Society of Business Publication Editors, ABM/Jesse H. Neal, and B2B Magazine.

richi has 70 posts and counting.See all posts by richi