Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Security Wireless Networking Technology

Dragonblood Vulnerabilities Disclosed in Wi-Fi WPA3 Standard (zdnet.com) 46

Two security researchers disclosed details this week about a group of vulnerabilities collectively referred to as Dragonblood that impact the Wi-Fi Alliance's recently launched WPA3 Wi-Fi security and authentication standard. From a report: If ever exploited, the vulnerabilities would allow an attacker within the range of a victim's network to recover the Wi-Fi password and infiltrate the target's network. In total, five vulnerabilities are part of the Dragonblood ensemble -- a denial of service attack, two downgrade attacks, and two side-channel information leaks.

While the denial of service attack is somewhat unimportant as it only leads to crashing WPA3-compatible access points, the other four are the ones that can be used to recover user passwords. Both the two downgrade attacks and two side-channel leaks exploit design flaws in the WPA3 standard's Dragonfly key exchange -- the mechanism through which clients authenticate on a WPA3 router or access point. In a downgrade attack, Wi-Fi WPA3-capable networks can be coerced in using an older and more insecure password exchange systems, which can allow attackers to retrieve the network passwords using older flaws.

This discussion has been archived. No new comments can be posted.

Dragonblood Vulnerabilities Disclosed in Wi-Fi WPA3 Standard

Comments Filter:
  • Let me guess ... (Score:2, Interesting)

    by Anonymous Coward

    Wi-Fi Alliance's recently launched WPA3 Wi-Fi security and authentication standard

    Let me guess ... one of the members insisted on a stupid feature that the marketing department wanted which utterly broke security.

    It seems like as we try to build in new things the time until we find out how flawed the system is keeps dropping.

    All software seems to be shit these days, especially where security is concerned.

    • by gweihir ( 88907 )

      They probably had no real security expert in the design group in the first place. After all, security is easy, right?

      • by skids ( 119237 )

        At least one of them is the same f-up as IKEv2 still has... they don't double-check that the initial negotiation was MITM-free later on into the process. Really you have to take a portion of the keying material and use it to verify the very first packets without exposing the rest of the keying material, then if and only if you have not detected too many "doorknob twists" on that process, continue using the rest of the keying material for the actual session key negotiation.

        For example, say a client supports the elliptic curves P-521 and P-256, and prefers to use them in that order. In that case, even thoug the AP also supports the P-521 curve, an adversary can force the client and AP into using the weaker P-256 curve. This can be accomplished by jamming the messages of the Dragonfly handshake, and forging a message that indicates certain curves are not supported.

        ...which of course can be mitigate

  • No Public Reviews (Score:2, Interesting)

    by Anonymous Coward

    This is what happens when you don't open source your crypto, dipshits.

    In other news, all of the problems for secure wireless have basically been solved. How to exchange an ephemeral key, how to encrypt a block of bytes, how to initialize an IV, all of it. Quit trying to implement QUIC or whatever-other Google-sponsored fucking backdoor adware shit Hitachi fucking wants. Do the right thing and be done with this bullshit.

  • by sinij ( 911942 ) on Thursday April 11, 2019 @10:08AM (#58421312)
    Someone more familiar with cryptography, could you please explain why WPA3 didn't use known-good key exchange methods implemented and tested in modern protocols and instead appears to chose its own method that was found to be vulnerable?
    • by mwfischer ( 1919758 ) on Thursday April 11, 2019 @10:16AM (#58421350) Journal

      thousands of people representing multiple large organizations came together to produce a closed source standard everyone hates.

      • thousands of people representing multiple large organizations came together to produce a closed source standard everyone hates.

        How does the IEEE allow the WiFi Alliance to keep developing these things in secret?

        • by tlhIngan ( 30335 )

          thousands of people representing multiple large organizations came together to produce a closed source standard everyone hates.

          How does the IEEE allow the WiFi Alliance to keep developing these things in secret?

          Because they don't have anything to do with one another.

          The IEEE's purpose is to create the standard for wireless networking, aka the 802.11 standards set. It initially specified an encryption system called WEP as part of it, but given its vulnerabilities, it dropped it and the IEEE decided to not ha

    • The vulnerability breakdown is 1 Denial of Service, 2 down-grades, and 2 side-channel attacks. Downgrade and side-channel attacks are prevalent where backward compatibility functionality exists.
    • Standards are highly influenced by organizations which are motivated to ensure that the internet is not secure (CIA, FSB, Ministry of State Security) so they all intentionally influence them to ensure that they have advanced knowledge of what the keys to the kingdom are. People really need to stop overlooking the fact that the same people who write cryptographic techniques are the same people who are paid to break them later. This is an obvious conflict of interest that will not ever go away. TLDR the inter
    • Re: (Score:2, Interesting)

      by Anonymous Coward

      for the lazy:

      https://www.schneier.com/blog/archives/2018/07/wpa3.html
      https://www.mathyvanhoef.com/2018/06/wpa3-missed-opportunity.html

      basically; not enough mandatory security features allows downgrade attacks.

      this in turn will make a nightmre for security minded admins. fking please, just choose a strong suite and make it all mandatory: ala TLS 1.3
      https://en.wikipedia.org/wiki/Transport_Layer_Security#Key_exchange_or_key_agreement

    • Someone more familiar with cryptography, could you please explain why WPA3 didn't use known-good key exchange methods implemented and tested in modern protocols and instead appears to chose its own method that was found to be vulnerable?

      Fundamentally I don't understand how it is even possible to prevent downgrade attacks given set of facts applicable to this situation. I know of no other protocol capable of achieving this. On its face it appears to be fundamentally impossible.

      With WPA3 initially password is the entire basis of the trust relationship. How do you support automatic backwards compatibility with PSK method from WPA2 subject to offline attack when everything you see upon connecting can be a lie and there is no basis upon whic

    • by gweihir ( 88907 )

      Dysfunctional organizations at work. No surprise.

"When it comes to humility, I'm the greatest." -- Bullwinkle Moose

Working...