Two security researchers disclosed details today about a group of vulnerabilities collectively referred to as Dragonblood that impact the WiFi Alliance’s recently launched WPA3 Wi-Fi security and authentication standard.
If ever exploited, the vulnerabilities would allow an attacker within the range of a victim’s network to recover the Wi-Fi password and infiltrate the target’s network.
The Dragonblood vulnerabilities
In total, five vulnerabilities are part of the Dragonblood ensemble –a denial of service attack, two downgrade attacks, and two side-channel information leaks.
While the denial of service attack is somewhat unimportant as it only leads to crashing WPA3-compatible access points, the other four are the ones that can be used to recover user passwords.
Both the two downgrade attacks and two side-channel leaks exploit design flaws in the WPA3 standard’s Dragonfly key exchange –the mechanism through which clients authenticate on a WPA3 router or access point.
In a downgrade attack, WiFi WPA3-capable networks can be coerced in using an older and more insecure password exchange systems, which can allow attackers to retrieve the network passwords using older flaws.
In a side-channel information leak attack, WiFi WPA3-capable networks can trick devices into using weaker algorithms that leak small ammounts of information about the network password. With repeated attacks, the full password can eventually be recovered.
Downgrade to Dictionary Attack – works on networks where both WPA3 and WPA2 are supported at the same time via WPA3’s “transition mode.” This attack has been confirmed on a recently released Samsung Galaxy S10 device. Explainer below:
If a client and AP both support WPA2 and WPA3, an adversary can set up a rogue AP that only supports WPA2. This causes the client (i.e. victim) to connect using WPA2’s 4-way handshake. Although the client detects the downgrade-to-WPA2 during the 4-way handshake, this is too late. The 4-way handshake messages that were exchanged before the downgrade was detected, provide enough information to launch an offline dictionary attack.
Group Downgrade Attack – works when WPA3 is configured to work with multiple groups of cryptographic algorithms, instead of just one. Basic downgrade attack. Explainer below:
For example, say a client supports the elliptic curves P-521 and P-256, and prefers to use them in that order. In that case, even thoug the AP also supports the P-521 curve, an adversary can force the client and AP into using the weaker P-256 curve. This can be accomplished by jamming the messages of the Dragonfly handshake, and forging a message that indicates certain curves are not supported.
Cache-Based Side-Channel Attack (CVE-2019-9494) – exploits the Dragonfly’s protocol’s “hunting and pecking” algorithm. High-level explainer below.
If an adversary can determine which branch of the if-then-else branch was taken, they can learn whether the password element was found in a specific iteration of this algorithm. In practice we found that, if an adversary can run unprivileged code on the victim machine, we were able to use cache-based attacks to determine which branch was taken in the first iteration of the password generation algorithm. This information can be abused to perform a password partitioning attack (this is similar to an offline dictionary attack).
Timing-Based Side-Channel Attack (CVE-2019-9494) – exploits WPA3’s “multiplicative groups” feature. Explainer below:
When the Dragonfly handshake uses certain multiplicative groups, the password encoding algorithm uses a variable number of iteratins to encode the password. The precise number of iterations depends on the password being used, and the MAC address of the AP and client. An adversary can perform a remote timing attack against the password encoding algorithm, to determine how many iterations were needed to encode the password. The recovered information can be abused to perform a password partitioning attack, which is similar to an offline dictionary attack.
More detailed explanations for each of these vulnerabilities are available in an academic paper authored by Mathy Vanhoef and Eyal Ronen, titled “Dragonblood: A Security Analysis of WPA3’s SAE Handshake” –or this website dedicated to the Dragonblood vulnerabilities.
Dargonblood also impacts EAP-pwd
Besides WPA3, researchers said the Dragonblood vulnerabilities also impact the EAP-pwd (Extensible Authentication Protocol) that is supported in the previous WPA and WPA2 WiFi authentication standards.
“We […] discovered serious bugs in most products that implement EAP-pwd,” the research duo said. “These allow an adversary to impersonate any user, and thereby access the Wi-Fi network, without knowing the user’s password.”
The two researchers didn’t publish details how the Dragonblood vulnerabilities impact EAP-pwd because the patching process is still in progress. They did, however, publish tools that can be used to discover if WPA3-capable devices are vulnerbale to any of the major Dragonblood flaws.
Fixes for WPA3 are available
On the other hand, the WiFi Alliance announced today a security update for the WPA3 standard following Vanhoef and Ronen’s public disclosure of the Dragonblood flaws.
“These issues can all be mitigated through software updates without any impact on devices’ ability to work well together,” the WiFi Alliance said today in a press release. Vendors of WiFi products will now have to integrate these changes into their products via firmware updates.
Vanhoef is the same security researcher who in the fall of 2017 disclosed the KRACK attack on the WiFi WPA2 standard, which was the main reason the WiFi Alliance developed WPA3 in the first place.
More vulnerability reports:
This Hidden iPhone Feature Let’s You Make A Call With One Button
The iPhone has a hidden feature that allows you to quickly redial the last phone number that you called. Rather than thumbing through your contact list to find your friend’s number again, you can immediately bring it up by using the manual dialer.
All you need to do is open the Phone app on your iPhone, open the manual dialer, and tap the green call button without entering anything. The first time you tap the call button, the last number that you called or dialed will be automatically pasted into the number entry. If you press the call button again, you’ll call that number.
All in all, it’s three quick taps (open the dialer, tap the call button, tap it again) versus several minutes of contact list scrolling and number-selecting. It’s much quicker, to say the least, especially if your contacts list is especially long. Just remember to take a moment to check the number before you redial, in case you’ve been making a lot of different calls.
While we’re on the subject of re-dialing, if you use Siri on your phone, you can also quickly redial a number with a voice command. Just activate Siri and say “redial that last number” to immediately call the last number that you dialed. Or, if you want to quickly hop back onto a number that called you, you can say “return my last call.”
Missed A Message? Here’s How To Access Your Android’s Notification Log
Notification history has been around on Android phones for years now, but the method to access the setting varies by which smartphone you’re using. Some phones, like the Google Pixel, use a stock version of Android, while others, like OnePlus and Samsung, use their own interface on top of Android. Here’s how to find the feature, irrespective of which version of Android your phone is running:
- Open the Settings app on your Android phone.
- Tap Notifications.
- Tap Advanced settings or More settings.
- Tap Notification history.
- Turn on the toggle on the next page.
On a Google Pixel phone, you’ll find Notification history inside the main Notifications settings menu. If you can’t see the option on your Android phone, use the search bar in the Settings app to search for Notification history. Tap on the option and turn on the toggle next to it.
8 Game-Changing Smart Home Devices You’ve Probably Never Heard Of
Depending on who you ask, mowing the lawn is either an enjoyable weekend routine or a seemingly never-ending chore. For anyone in the latter camp, Husqvarna’s Automower does almost everything for you — all you have to do is set it up and leave it to run. Well, not quite — you’ll have to install a boundary wire around your yard first so that your mower doesn’t pay an unsolicited visit to the neighbor’s house, but once it’s set up, it’s pretty hassle-free to operate.
Using the Automower Connect app, you can check in on how your mower is doing, find exactly where it is, and see how far it’s progressed through the mowing cycle. Alternatively, its status can also be checked through Google Assistant or Amazon Alexa. An alarm system and PIN code locking system help deter thieves, and you’d certainly hope so given the price, as it retails for $2,499.99 on Amazon, but is sometimes discounted to $1,999.99.
This Hidden iPhone Feature Let’s You Make A Call With One Button
The iPhone has a hidden feature that allows you to quickly redial the last phone number that you called. Rather...
3 iOS 0-days, a cellular network compromise, and HTTP used to infect an iPhone
Getty Images Apple has patched a potent chain of iOS zero-days that were used to infect the iPhone of an...
CDC greenlights RSV vaccine during pregnancy—but only for seasonal use
Enlarge / An intensive care nurse cares for a patient suffering from respiratory syncytial virus (RSV), who is being ventilated...
Unity exec tells Ars he’s on a mission to earn back developer trust
Unity Enlarge / Unity executive Marc Whitten tells Ars the company has learned a lot over the last week. If...
Worm that jumps from rats to slugs to human brains has invaded Southeast US
Adult female worm of Angiostrongylus cantonensis recovered from rat lungs with characteristic barber-pole appearance (anterior end of worm is to...
Social1 year ago
Web.com website builder review
Social4 years ago
CrashPlan for Small Business Review
Gadgets5 years ago
A fictional Facebook Portal videochat with Mark Zuckerberg – TechCrunch
Cars5 years ago
What’s the best cloud storage for you?
Social5 years ago
iPhone XS priciest yet in South Korea
Mobile5 years ago
Memory raises $5M to bring AI to time tracking – TechCrunch
Security5 years ago
Google latest cloud to be Australian government certified
Social5 years ago
Apple’s new iPad Pro aims to keep enterprise momentum