Dragonblood vulnerabilities disclosed in WiFi WPA3 standard

Logo: Mathy Vanhoef & Eyal Ronen // Composition: ZDNet

Two security researchers disclosed details today about a group of vulnerabilities collectively referred to as Dragonblood that impact the WiFi Alliance’s recently launched WPA3 Wi-Fi security and authentication standard.

If ever exploited, the vulnerabilities would allow an attacker within the range of a victim’s network to recover the Wi-Fi password and infiltrate the target’s network.

The Dragonblood vulnerabilities

In total, five vulnerabilities are part of the Dragonblood ensemble: a denial-of-service attack, two downgrade attacks, and two side-channel information leaks.

While the denial of service attack is somewhat unimportant as it only leads to crashing WPA3-compatible access points, the other four are the ones that can be used to recover user passwords.

Both the two downgrade attacks and the two side-channel leaks exploit design flaws in the WPA3 standard’s Dragonfly key exchange, the mechanism through which clients authenticate on a WPA3 router or access point.

In a downgrade attack, WPA3-capable WiFi networks can be coerced into using an older and more insecure password exchange system, which can allow attackers to retrieve the network passwords using older flaws.

In a side-channel information leak attack, WiFi WPA3-capable networks can trick devices into using weaker algorithms that leak small amounts of information about the network password. With repeated attacks, the full password can eventually be recovered.

Downgrade to Dictionary Attack – works on networks where both WPA3 and WPA2 are supported at the same time via WPA3’s “transition mode.” This attack has been confirmed on a recently released Samsung Galaxy S10 device. Explainer below:

If a client and AP both support WPA2 and WPA3, an adversary can set up a rogue AP that only supports WPA2. This causes the client (i.e. victim) to connect using WPA2’s 4-way handshake. Although the client detects the downgrade-to-WPA2 during the 4-way handshake, this is too late. The 4-way handshake messages that were exchanged before the downgrade was detected, provide enough information to launch an offline dictionary attack.

Group Downgrade Attack – works when WPA3 is configured to work with multiple groups of cryptographic algorithms, instead of just one. Basic downgrade attack. Explainer below:

For example, say a client supports the elliptic curves P-521 and P-256, and prefers to use them in that order. In that case, even though the AP also supports the P-521 curve, an adversary can force the client and AP into using the weaker P-256 curve. This can be accomplished by jamming the messages of the Dragonfly handshake, and forging a message that indicates certain curves are not supported.

Cache-Based Side-Channel Attack (CVE-2019-9494) – exploits the Dragonfly protocol’s “hunting and pecking” algorithm. High-level explainer below.

If an adversary can determine which branch of the if-then-else branch was taken, they can learn whether the password element was found in a specific iteration of this algorithm. In practice we found that, if an adversary can run unprivileged code on the victim machine, we were able to use cache-based attacks to determine which branch was taken in the first iteration of the password generation algorithm. This information can be abused to perform a password partitioning attack (this is similar to an offline dictionary attack).

Timing-Based Side-Channel Attack (CVE-2019-9494) – exploits WPA3’s “multiplicative groups” feature. Explainer below:

When the Dragonfly handshake uses certain multiplicative groups, the password encoding algorithm uses a variable number of iterations to encode the password. The precise number of iterations depends on the password being used, and the MAC address of the AP and client. An adversary can perform a remote timing attack against the password encoding algorithm, to determine how many iterations were needed to encode the password. The recovered information can be abused to perform a password partitioning attack, which is similar to an offline dictionary attack.
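The variable iteration count described above, next to a fixed-iteration form that removes it, as an added example (not code from the article, the researchers or any WPA3 implementation). It is a simplified model of the password encoding loop: the 16-bit candidates, `TOY_P`, the HMAC-based derivation and `FIXED_ITERATIONS = 40` are assumptions chosen for illustration.

```python
import hashlib
import hmac

# Toy parameters, constructed for illustration (not a real SAE group):
# candidates are 16-bit values, accepted only if below TOY_P, so about
# half of all candidates are rejected and the loop length varies.
TOY_P = 32771
FIXED_ITERATIONS = 40  # assumed constant loop count for the hardened form


def candidate(password: bytes, mac_a: bytes, mac_b: bytes, counter: int) -> int:
    """Derive one 16-bit candidate from the password, both MACs and a counter."""
    key = max(mac_a, mac_b) + min(mac_a, mac_b)
    msg = password + counter.to_bytes(4, "big")
    return int.from_bytes(hmac.new(key, msg, hashlib.sha256).digest()[:2], "big")


def encode_variable(password: bytes, mac_a: bytes, mac_b: bytes):
    """Leaky form: return (element, iterations), stopping at the first hit.

    The iteration count is a function of password and MAC addresses, so
    anything that reveals it (such as response time) leaks password data.
    """
    counter = 1
    while True:
        value = candidate(password, mac_a, mac_b, counter)
        if value < TOY_P:
            return value, counter
        counter += 1


def encode_fixed(password: bytes, mac_a: bytes, mac_b: bytes):
    """Hardened form: always run FIXED_ITERATIONS rounds, keep the first hit."""
    element = None
    for counter in range(1, FIXED_ITERATIONS + 1):
        value = candidate(password, mac_a, mac_b, counter)
        # No early exit. Production code must also make this selection
        # constant-time, which plain Python cannot guarantee.
        if element is None and value < TOY_P:
            element = value
    return element, FIXED_ITERATIONS


def iteration_counts(encode, passwords, mac_a, mac_b):
    """Set of distinct loop lengths seen across constructed sample passwords."""
    return {encode(pw, mac_a, mac_b)[1] for pw in passwords}
```

Both forms derive the same element; only the leaky one lets the amount of work performed depend on the password.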

More detailed explanations for each of these vulnerabilities are available in an academic paper authored by Mathy Vanhoef and Eyal Ronen, titled “Dragonblood: A Security Analysis of WPA3’s SAE Handshake”, or on this website dedicated to the Dragonblood vulnerabilities.

Dragonblood also impacts EAP-pwd

Besides WPA3, researchers said the Dragonblood vulnerabilities also impact EAP-pwd (Extensible Authentication Protocol), which is supported in the previous WPA and WPA2 WiFi authentication standards.

“We […] discovered serious bugs in most products that implement EAP-pwd,” the research duo said. “These allow an adversary to impersonate any user, and thereby access the Wi-Fi network, without knowing the user’s password.”

The two researchers didn’t publish details on how the Dragonblood vulnerabilities impact EAP-pwd because the patching process is still in progress. They did, however, publish tools that can be used to discover if WPA3-capable devices are vulnerable to any of the major Dragonblood flaws.

Fixes for WPA3 are available

On the other hand, the WiFi Alliance announced today a security update for the WPA3 standard following Vanhoef and Ronen’s public disclosure of the Dragonblood flaws.

“These issues can all be mitigated through software updates without any impact on devices’ ability to work well together,” the WiFi Alliance said today in a press release. Vendors of WiFi products will now have to integrate these changes into their products via firmware updates.
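The article names three configuration preconditions: transition mode, multiple Dragonfly groups, and multiplicative groups. The following added example (not from the article or the researchers' tools) checks an access point configuration for them, assuming a hostapd-style file with the `wpa_key_mgmt` and `sae_groups` options; hostapd, the sample configurations and the finding names are assumptions, and the check conservatively flags every multiplicative group.

```python
# IANA group numbers as used by hostapd's sae_groups option.
ECP_GROUPS = {19, 20, 21, 25, 26, 27, 28, 29, 30}            # elliptic curves
MODP_GROUPS = {1, 2, 5, 14, 15, 16, 17, 18, 22, 23, 24}      # multiplicative

# Constructed sample configurations, not taken from any real deployment.
TRANSITION_CONF = """
ssid=example-net
wpa=2
wpa_key_mgmt=SAE WPA-PSK
ieee80211w=1
sae_groups=21 19 15
"""
WPA3_ONLY_CONF = """
ssid=example-net
wpa=2
wpa_key_mgmt=SAE
ieee80211w=2
sae_groups=19
"""


def parse_conf(text: str) -> dict:
    """Parse key=value lines; '#' comment lines and blanks are skipped."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            conf[key.strip()] = value.strip()
    return conf


def audit(text: str) -> list:
    """Return finding names for the preconditions the article describes."""
    conf = parse_conf(text)
    findings = []
    akms = set(conf.get("wpa_key_mgmt", "").split())
    if "SAE" in akms and akms & {"WPA-PSK", "WPA-PSK-SHA256"}:
        findings.append("transition-mode")        # WPA2 and WPA3 side by side
    groups = [int(g) for g in conf.get("sae_groups", "").split()]
    if len(groups) > 1:
        findings.append("multiple-sae-groups")    # group downgrade possible
    if any(g in MODP_GROUPS for g in groups):
        findings.append("modp-sae-group")         # multiplicative group enabled
    unknown = [g for g in groups if g not in ECP_GROUPS | MODP_GROUPS]
    if unknown:
        findings.append("unknown-sae-group")
    return findings
```

A file with no `sae_groups` line falls back to the build's default group list, which this check does not evaluate.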

Vanhoef is the same security researcher who in the fall of 2017 disclosed the KRACK attack on the WiFi WPA2 standard, which was the main reason the WiFi Alliance developed WPA3 in the first place.

Can You Use An Xbox Controller On Nintendo Switch?

It’s worth noting that some of the Xbox controller’s functions do not work on Switch, nor are many of the Switch’s unique features supported by the controller. Specifically, it lacks support for rumble, NFC, analog triggers, trigger vibration, the audio jack, IR input, and the LED doesn’t correlate to any Switch functions, including player indicators. You also can’t wake the Switch up from sleep using the controller.

You’ll also want to keep in mind that Xbox controllers swap the positions of several face buttons in relation to Switch controllers, so the labels won’t match up perfectly. For instance, the positioning of the “A” and “B” buttons on the Xbox controller correspond to “B” and “A” on the Switch controller, respectively. The same is true for the “X” and “Y” buttons. Otherwise, the Switch’s controller scheme perfectly matches the Xbox controller’s available buttons and triggers.

None of this is the fault of the 8Bitdo adapter. These limitations are simply the byproduct of marrying two devices that were not designed to work together. If that’s a dealbreaker, then your best bet is to buy an officially licensed Nintendo Switch controller. The best alternative for Xbox fans is Nintendo’s official Pro Controller.

The Incredible Capabilities Of The US Air Force’s New Supersonic Training Jet

According to the USAF, Boeing will produce over 350 Red Hawk aircraft as part of a contract worth more than $9.2 billion. There’s also speculation that the Red Hawk’s design could be easily modified to incorporate radar systems, electronic warfare equipment, or under-wing weapon stations, making it an attractive purchase for other U.S. military branches or even international allies.

The training jet features a glass touchscreen cockpit that provides a more modern flair — as well as a more practical piloting experience, one would hope — and tiered seating, so both the instructor and the trainee have sufficient ability to pilot the aircraft without visual obstructions.

Production models of the T-7A Red Hawk sport a red tail section, a reference to the red-painted tails of the aircraft flown during World War II by the 99th Fighter Squadron, better known as the “Tuskegee Airmen.” One of the planes they flew was the Curtiss P-40 Warhawk, which influenced the design of the T-7A Red Hawk.

In the same tradition of equality that the Red Hawk’s name and design aspire to embody, the training jet is built to safely accommodate a wider variety of pilot body types and sizes than previous jets, allowing for a larger recruiting pool including more women than has historically been the case. Let’s hope similar updates make their way to the USAF’s other next-gen aircraft.

How To Transfer Digital Games To A New Nintendo Switch

Let’s say you’ve just gotten ahold of a brand-new Nintendo Switch console, but this isn’t your first. Maybe it’s an upgrade to the fancy OLED model, perhaps you’ve been sharing with family, and this one is just for you. Whatever the reason, if you already have or have had a Switch, and now you have a new one, you don’t have to start building up an entirely new games library (or even start your games over).

Thankfully there are ways to transfer your digital games from one Switch to another, along with your user accounts and saves. While the process is a bit different depending on whether you have access to that original Switch console, it’s still doable either way. Just know that it might take a little more effort without the console where all of your info was previously saved. And you’ll likely lose any game progress that wasn’t backed up using Cloud saves.

If you still have the original Switch console

Assuming you do have both the previous Switch and the new one you want to transfer everything over to, here’s what you do:

  1. From the original Switch, open System Settings (the icon looks like a gear) on the Home menu.
  2. Select Users, then select Transfer Your User Data.
  3. Select Next twice, and then choose Source Console to mark this Switch as the transferrer.
  4. Select Continue, then grab the new Switch console to which you want to move everything.
  5. From the new Switch, open System Settings and select Users, then Transfer Your User Data.
  6. Select Next, Next again, then choose Target Console to designate this Switch as the transferee.
  7. Select Sign-in, then sign into your Nintendo Account using either the associated email or sign-in ID.
  8. Select Sign-in, then Next, then go back to the original Switch.
  9. Wait for the systems to find each other, then select Transfer.
  10. Wait until the transfer is complete (this may take several minutes), then select End to finish.

If you no longer have the original Switch console

Things are a little more time-consuming without access to the original Switch console on which your account was created or primarily used. Also, note that any saved data that hasn’t been backed up via Cloud storage will not be able to carry over.

  1. First, ensure the original Switch console has been deactivated (via Nintendo), which can be done remotely through your Nintendo Account via the official website.
  2. Next, if you haven’t done it yet, link your Nintendo Account (via Nintendo) to the new Switch console.
  3. Log into the eShop on the Switch using your Nintendo Account, which will designate it as the primary console.
  4. You can download cloud backups of your game saves — if you have a Switch Online subscription and have been using the feature.
  5. You can also access your account’s download history through the eShop and begin installing any of the digital games you’ve previously purchased. This will, of course, take longer when dealing with more or larger games and will require an adequate amount of storage space.
