
Dragonblood vulnerabilities disclosed in WiFi WPA3 standard


Logo: Mathy Vanhoef & Eyal Ronen // Composition: ZDNet

Two security researchers disclosed details today about a group of vulnerabilities collectively referred to as Dragonblood that impact the WiFi Alliance’s recently launched WPA3 Wi-Fi security and authentication standard.

If ever exploited, the vulnerabilities would allow an attacker within the range of a victim’s network to recover the Wi-Fi password and infiltrate the target’s network.

The Dragonblood vulnerabilities

In total, five vulnerabilities are part of the Dragonblood ensemble: a denial of service attack, two downgrade attacks, and two side-channel information leaks.

While the denial of service attack is somewhat unimportant as it only leads to crashing WPA3-compatible access points, the other four are the ones that can be used to recover user passwords.

Both the two downgrade attacks and the two side-channel leaks exploit design flaws in the WPA3 standard's Dragonfly key exchange, the mechanism through which clients authenticate on a WPA3 router or access point.

In a downgrade attack, WiFi WPA3-capable networks can be coerced into using an older and more insecure password exchange system, which can allow attackers to retrieve the network passwords using older flaws.

In a side-channel information leak attack, WiFi WPA3-capable networks can trick devices into using weaker algorithms that leak small amounts of information about the network password. With repeated attacks, the full password can eventually be recovered.

Downgrade to Dictionary Attack – works on networks where both WPA3 and WPA2 are supported at the same time via WPA3’s “transition mode.” This attack has been confirmed on a recently released Samsung Galaxy S10 device. Explainer below:

If a client and AP both support WPA2 and WPA3, an adversary can set up a rogue AP that only supports WPA2. This causes the client (i.e. victim) to connect using WPA2’s 4-way handshake. Although the client detects the downgrade-to-WPA2 during the 4-way handshake, this is too late. The 4-way handshake messages that were exchanged before the downgrade was detected, provide enough information to launch an offline dictionary attack.

Group Downgrade Attack – works when WPA3 is configured to work with multiple groups of cryptographic algorithms, instead of just one. Basic downgrade attack. Explainer below:

For example, say a client supports the elliptic curves P-521 and P-256, and prefers to use them in that order. In that case, even though the AP also supports the P-521 curve, an adversary can force the client and AP into using the weaker P-256 curve. This can be accomplished by jamming the messages of the Dragonfly handshake, and forging a message that indicates certain curves are not supported.

Cache-Based Side-Channel Attack (CVE-2019-9494) – exploits the Dragonfly protocol's "hunting and pecking" algorithm. High-level explainer below:

If an adversary can determine which branch of the if-then-else branch was taken, they can learn whether the password element was found in a specific iteration of this algorithm. In practice we found that, if an adversary can run unprivileged code on the victim machine, we were able to use cache-based attacks to determine which branch was taken in the first iteration of the password generation algorithm. This information can be abused to perform a password partitioning attack (this is similar to an offline dictionary attack).

Timing-Based Side-Channel Attack (CVE-2019-9494) – exploits WPA3’s “multiplicative groups” feature. Explainer below:

When the Dragonfly handshake uses certain multiplicative groups, the password encoding algorithm uses a variable number of iterations to encode the password. The precise number of iterations depends on the password being used, and the MAC address of the AP and client. An adversary can perform a remote timing attack against the password encoding algorithm, to determine how many iterations were needed to encode the password. The recovered information can be abused to perform a password partitioning attack, which is similar to an offline dictionary attack.

More detailed explanations for each of these vulnerabilities are available in an academic paper authored by Mathy Vanhoef and Eyal Ronen, titled "Dragonblood: A Security Analysis of WPA3's SAE Handshake", or on this website dedicated to the Dragonblood vulnerabilities.

Dragonblood also impacts EAP-pwd
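The iteration-count leak behind the timing side channel can be seen in a simplified model of the password encoding loop. The Python sketch below is an added example, not code from the researchers or from any WPA3 implementation. The modulus `P`, the HMAC-based candidate derivation, the sample MAC addresses and passwords, and the 40-iteration bound of the hardened variant are all assumptions constructed for illustration, and the fixed-iteration loop is a commonly used countermeasure that this article does not describe.

```python
import hashlib
import hmac

# Constructed stand-in for a group prime p (not a real SAE group). It is about
# half of 2**256, so roughly every second 256-bit candidate is rejected.
P = (1 << 255) - 19
FIXED_ITERATIONS = 40  # assumed loop bound for the hardened variant
AP_MAC = bytes.fromhex("020000000001")      # constructed sample addresses
CLIENT_MAC = bytes.fromhex("020000000002")
SAMPLE_PASSWORDS = [f"password{i}".encode() for i in range(64)]  # constructed


def _candidate(password, mac_a, mac_b, counter):
    """Derive one candidate from the password, both MAC addresses and a counter."""
    key = max(mac_a, mac_b) + min(mac_a, mac_b)
    digest = hmac.new(key, password + bytes([counter]), hashlib.sha256).digest()
    return int.from_bytes(digest, "big")


def encode_variable(password, mac_a, mac_b):
    """Leaky form: stop at the first candidate below P; time tracks the count."""
    for counter in range(1, 256):
        value = _candidate(password, mac_a, mac_b, counter)
        if value < P:
            return value, counter
    raise ValueError("no candidate found")


def encode_fixed(password, mac_a, mac_b):
    """Hardened form: always run FIXED_ITERATIONS, keep the first valid candidate."""
    element = None
    for counter in range(1, FIXED_ITERATIONS + 1):
        value = _candidate(password, mac_a, mac_b, counter)
        # No early exit, so the loop count never depends on the password. A real
        # implementation also needs constant-time selection; this only fixes the count.
        if value < P and element is None:
            element = value
    if element is None:
        raise ValueError("no candidate found")
    return element, FIXED_ITERATIONS


def iteration_spread(passwords, mac_a, mac_b, encoder):
    """Distinct iteration counts an observer could tell apart by timing."""
    return {encoder(pw, mac_a, mac_b)[1] for pw in passwords}
```

Comparing `iteration_spread` for the two encoders over `SAMPLE_PASSWORDS` shows several distinct counts for the leaky form and a single count for the fixed one, while both return the same element for each password.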

Besides WPA3, researchers said the Dragonblood vulnerabilities also impact the EAP-pwd (Extensible Authentication Protocol) that is supported in the previous WPA and WPA2 WiFi authentication standards.

“We […] discovered serious bugs in most products that implement EAP-pwd,” the research duo said. “These allow an adversary to impersonate any user, and thereby access the Wi-Fi network, without knowing the user’s password.”

The two researchers didn't publish details on how the Dragonblood vulnerabilities impact EAP-pwd because the patching process is still in progress. They did, however, publish tools that can be used to discover if WPA3-capable devices are vulnerable to any of the major Dragonblood flaws.

Fixes for WPA3 are available

On the other hand, the WiFi Alliance announced today a security update for the WPA3 standard following Vanhoef and Ronen’s public disclosure of the Dragonblood flaws.

“These issues can all be mitigated through software updates without any impact on devices’ ability to work well together,” the WiFi Alliance said today in a press release. Vendors of WiFi products will now have to integrate these changes into their products via firmware updates.

Vanhoef is the same security researcher who in the fall of 2017 disclosed the KRACK attack on the WiFi WPA2 standard, which was the main reason the WiFi Alliance developed WPA3 in the first place.

