Dragonblood vulnerabilities disclosed in WiFi WPA3 standard


Two security researchers disclosed details today about a group of vulnerabilities collectively referred to as Dragonblood that impact the WiFi Alliance’s recently launched WPA3 Wi-Fi security and authentication standard.

If ever exploited, the vulnerabilities would allow an attacker within the range of a victim’s network to recover the Wi-Fi password and infiltrate the target’s network.

The Dragonblood vulnerabilities

In total, five vulnerabilities are part of the Dragonblood ensemble: a denial of service attack, two downgrade attacks, and two side-channel information leaks.

While the denial of service attack is somewhat unimportant as it only leads to crashing WPA3-compatible access points, the other four are the ones that can be used to recover user passwords.

Both downgrade attacks and both side-channel leaks exploit design flaws in the WPA3 standard’s Dragonfly key exchange, the mechanism through which clients authenticate on a WPA3 router or access point.

In a downgrade attack, WiFi WPA3-capable networks can be coerced into using an older and more insecure password exchange system, which can allow attackers to retrieve the network passwords using older flaws.

In a side-channel information leak attack, WiFi WPA3-capable networks can trick devices into using weaker algorithms that leak small amounts of information about the network password. With repeated attacks, the full password can eventually be recovered.

Downgrade to Dictionary Attack – works on networks where both WPA3 and WPA2 are supported at the same time via WPA3’s “transition mode.” This attack has been confirmed on a recently released Samsung Galaxy S10 device. Explainer below:

If a client and AP both support WPA2 and WPA3, an adversary can set up a rogue AP that only supports WPA2. This causes the client (i.e. victim) to connect using WPA2’s 4-way handshake. Although the client detects the downgrade-to-WPA2 during the 4-way handshake, this is too late. The 4-way handshake messages that were exchanged before the downgrade was detected, provide enough information to launch an offline dictionary attack.

Group Downgrade Attack – works when WPA3 is configured to work with multiple groups of cryptographic algorithms, instead of just one. Basic downgrade attack. Explainer below:

For example, say a client supports the elliptic curves P-521 and P-256, and prefers to use them in that order. In that case, even though the AP also supports the P-521 curve, an adversary can force the client and AP into using the weaker P-256 curve. This can be accomplished by jamming the messages of the Dragonfly handshake, and forging a message that indicates certain curves are not supported.

Cache-Based Side-Channel Attack (CVE-2019-9494) – exploits the Dragonfly protocol’s “hunting and pecking” algorithm. High-level explainer below:

If an adversary can determine which branch of the if-then-else branch was taken, they can learn whether the password element was found in a specific iteration of this algorithm. In practice we found that, if an adversary can run unprivileged code on the victim machine, we were able to use cache-based attacks to determine which branch was taken in the first iteration of the password generation algorithm. This information can be abused to perform a password partitioning attack (this is similar to an offline dictionary attack).

Timing-Based Side-Channel Attack (CVE-2019-9494) – exploits WPA3’s “multiplicative groups” feature. Explainer below:

When the Dragonfly handshake uses certain multiplicative groups, the password encoding algorithm uses a variable number of iterations to encode the password. The precise number of iterations depends on the password being used, and the MAC address of the AP and client. An adversary can perform a remote timing attack against the password encoding algorithm, to determine how many iterations were needed to encode the password. The recovered information can be abused to perform a password partitioning attack, which is similar to an offline dictionary attack.
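The variable iteration count described above can be seen in a toy model of a hunting-and-pecking loop, next to a variant that always runs a fixed number of iterations. This is an added example, not code from the researchers or from any WPA3 implementation; the modulus, the fixed count `K`, the MAC addresses, the passwords and all function names are constructed assumptions.

```python
import hashlib
import hmac

P = 32771        # toy modulus standing in for the group prime (constructed)
BITS = 16        # candidates are 16-bit, so roughly half are >= P and rejected
K = 40           # fixed iteration count for the hardened variant (assumed value)

def candidate(password: bytes, mac_a: bytes, mac_b: bytes, counter: int) -> int:
    """Derive one candidate from the password, both MAC addresses and a counter."""
    key = max(mac_a, mac_b) + min(mac_a, mac_b)
    digest = hmac.new(key, password + bytes([counter]), hashlib.sha256).digest()
    return int.from_bytes(digest[: BITS // 8], "big")

def encode_leaky(password, mac_a, mac_b):
    """Stop at the first candidate below P: the iteration count depends on the secret."""
    for counter in range(1, 256):
        value = candidate(password, mac_a, mac_b, counter)
        if value < P:
            return value, counter
    raise ValueError("no element found")

def encode_fixed(password, mac_a, mac_b, k=K):
    """Always run k iterations and keep the first valid candidate."""
    found, element = 0, 0
    for counter in range(1, k + 1):
        value = candidate(password, mac_a, mac_b, counter)
        valid = int(value < P)
        take = valid & (1 - found)      # 1 only for the first valid candidate
        element = take * value + (1 - take) * element
        found |= valid
    if not found:
        raise ValueError("no element found in k iterations")
    return element, k

AP = bytes.fromhex("020000000001")      # constructed MAC addresses
STA = bytes.fromhex("020000000002")
PASSWORDS = [f"example-{i}".encode() for i in range(64)]   # constructed passwords

def iteration_profile(encode, mac_a=AP, mac_b=STA):
    """Iterations used for each sample password with the given encoder."""
    return [encode(pw, mac_a, mac_b)[1] for pw in PASSWORDS]

if __name__ == "__main__":
    print("leaky iteration counts:", sorted(set(iteration_profile(encode_leaky))))
    print("fixed iteration counts:", sorted(set(iteration_profile(encode_fixed))))
```

Both encoders return the same element for a given password and MAC pair; only the amount of work differs. Python arithmetic is not constant-time, so the fixed variant removes the iteration-count signal only and does not address the cache-based leak.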

More detailed explanations for each of these vulnerabilities are available in an academic paper authored by Mathy Vanhoef and Eyal Ronen, titled “Dragonblood: A Security Analysis of WPA3’s SAE Handshake,” or on this website dedicated to the Dragonblood vulnerabilities.

Dragonblood also impacts EAP-pwd

Besides WPA3, researchers said the Dragonblood vulnerabilities also impact the EAP-pwd (Extensible Authentication Protocol) that is supported in the previous WPA and WPA2 WiFi authentication standards.

“We […] discovered serious bugs in most products that implement EAP-pwd,” the research duo said. “These allow an adversary to impersonate any user, and thereby access the Wi-Fi network, without knowing the user’s password.”

The two researchers didn’t publish details on how the Dragonblood vulnerabilities impact EAP-pwd because the patching process is still in progress. They did, however, publish tools that can be used to discover if WPA3-capable devices are vulnerable to any of the major Dragonblood flaws.

Fixes for WPA3 are available

On the other hand, the WiFi Alliance announced today a security update for the WPA3 standard following Vanhoef and Ronen’s public disclosure of the Dragonblood flaws.

“These issues can all be mitigated through software updates without any impact on devices’ ability to work well together,” the WiFi Alliance said today in a press release. Vendors of WiFi products will now have to integrate these changes into their products via firmware updates.

Vanhoef is the same security researcher who in the fall of 2017 disclosed the KRACK attack on the WiFi WPA2 standard, which was the main reason the WiFi Alliance developed WPA3 in the first place.


2022 Honda Passport is hitting the rally circuit

The 2022 Honda Passport is hitting the rally circuit as the Japanese automaker fortifies its motorsports pedigree. And similar to the Honda HPD Ridgeline that competed at the recently concluded Rebelle Rally, the Passport is going rallying with a team of Honda engineers led by suspension test engineer and driver Chris Sladek and chassis design engineer and co-driver Gabriel Nieves. Both men are from Honda’s North American Auto Development Center in East Liberty, Ohio.

Honda recently debuted its redesigned 2022 Passport five-seat crossover SUV, which now gets a more rugged TrailSport variant with chunkier aesthetics, 18-inch wheels, and 8.1-inches of ground clearance. However, the rally version is the brainchild of the Honda Performance Development (HPD) Maxxis Rally racing team. It has 17-inch BRAID Winrace T rally wheels, Maxxis RAZR M/T or RAZR A/T tires, rear differential skid plates, and an aluminum oil pan cover to protect vital underpinnings from impacts and bumps.

Other changes include protective high-density polyethylene panels on the fuel tank, Carbotech XP12 brake pads, and racing-bred brake fluid to offer reliable stopping power. It also has OMP racing seats with six-point competition harnesses, a roll cage, a rally computer, and a fire suppression system. Of course, it gets distinctive exterior livery courtesy of HPD.

The Passport rally car is also lighter than stock with Lexan polycarbonate rear glass and deleted rear seats. Other changes like a hydraulic handbrake are mandatory, while the modified exhaust offers a louder exhaust sound while reducing engine backpressure to improve performance.

Meanwhile, there are no changes under the hood. The 2022 Honda Passport rally car is hitting the rally circuits with a stock 3.5-liter i-VTEC V6 engine, a nine-speed automatic gearbox with paddle shifters, and i-VTM4 all-wheel-drive system. “The fact that we didn’t make any modifications to the 2022 Honda Passport’s drivetrain or suspension for such punishing terrain and competition speaks volumes to the capability and performance that comes standard in the Passport,” said driver Chris Sladek.

Honda’s Passport rally truck made its racing debut at the Lake Superior Performance Rally (LSPR) in Michigan last October 15 to 16. The team finished 22nd out of 42 regional competitors while placing 4th out of six in the Limited 4WD class. The Passport will see more action throughout the 2022 American Rally Association (ARA) series.

The 2022 Honda Civic Si aims right for the sweet-spot

Honda promised something hotter from the 11th Gen Civic line, and the 2022 Civic Si is just that. Taking the well-received Civic Sedan, and then pumping in some extra performance, it should bridge the gap between now and the new Civic Type R expected to launch sometime next year – and be more affordable than that car, too.

It’s got some solid underpinnings to start from, with both the Civic Sedan and the Civic Hatchback getting praise for their handling and poise. This new Civic Si, meanwhile, upgrades Honda’s turbocharged 1.5-liter four-cylinder VTEC engine, and then pairs it with a 6-speed manual transmission.

The engine is good for 200 horsepower arriving at 6,000 rpm, with a 6,500 rpm redline. Torque is 192 lb-ft, now arriving between 1,800 and 5,000 rpm; that, Honda points out, is 300 rpm sooner than the outgoing car. The broader power curve and a lighter flywheel should make for a car that responds more rapidly, the automaker promises.

As for the transmission, it’s an improved 6-speed manual with the rev-matching system from the Civic Type R. The result, Honda says, is a better feel and 10-percent shorter throws. You’ll have to like it, mind, since Honda won’t be offering the 2022 Civic Si with an automatic option. Fuel economy comes in at 27 mpg in the city, 37 mpg on the highway, and 31 mpg combined.

A helical limited-slip front differential is standard, along with a new Active Sound Control system which boosts the natural engine noise in the cabin. Honda insists it’ll add to, rather than detract from, the overall driving experience. Bigger brakes have been fitted, with 12.3-inch front rotors growing a whole 1.2-inches over the standard Civic Sedan, while the rear rotors grow almost an inch to 11.1-inches total. 235/40R18 all-season performance rubber is standard, with summer tires a factory option.

As with the Sedan and Hatchback, the new Si benefits from the 11th Gen Civic’s stiffer body and longer wheelbase. Honda then adds 8-percent stiffer front springs and 54-percent stiffer rear springs, together with new dampers, reinforced upper front MacPherson struts for better cornering, and thicker front and rear stabilizer bars to cut body roll. The Type R donates compliance bushings, upper arms, and lower B-arms, while steering gets an upgrade courtesy of a stiffer torsion bar.

There are still Normal and Sport drive modes, but an Individual mode has been added. That allows the driver to choose their mix of engine response, steering weight, and instrumentation theme settings.

Outside, there’s a new upper front bumper, a reworked rear bumper with twin oval exhaust tips, a front spoiler, and a gloss black rear spoiler. More gloss black appears on the mirrors and window surrounds, and Honda makes LED lighting front and rear standard, too. 18-inch 10-spoke alloy wheels – in an Si-specific matte black – are standard, too, and the Blazing Orange Pearl paint is exclusive to the car as well.

Inside, Si-exclusive sport seats with integrated head restraints and more shoulder and lower thigh support are included, along with sport pedals and red contrast stitching. The honeycomb dash panel is carried over, but with red trim now. A 7-inch driver display and 9-inch infotainment touchscreen are standard, with wireless Apple CarPlay and Android Auto. Honda also adds the 12-speaker Bose audio system, and Honda Sensing is standard, too.

Pricing will be confirmed closer to the 2022 Civic Si’s arrival in dealerships later in 2021.

Toyota Tacozilla inspired by 1970s Chinook campervans to debut at SEMA

We bet you haven’t heard of the Toyota Chinook campervan, but we’re pretty sure you’ll be looking forward to Toyota’s Tacozilla campervan concept at this year’s SEMA show in November. The Toyota Chinook is a collaboration between the Japanese automaker and American wagon maker Chinook RV. The first Toyota Chinooks entered the market in 1973 and were essentially motorhomes with a pop-up roof built on a long-wheelbase Toyota half-ton truck chassis.

And since it’s a Toyota, Chinook campervans have the same bulletproof reliability as Toyota trucks. The folks at Toyota’s motorsports tech center in Texas created Tacozilla with the Chinook in mind, but it now has a more contemporary design to cope with seriously rugged terrain.

Starting with a Toyota Tacoma TRD Sport manual, the team conceptualized a bed-mounted micro-house with a cab-over design and a stubby rear end to lessen the approach and departure angles, making it effortless to find a suitable camping spot in the wild outdoors. According to project manager Marty Schwerter, Tacozilla will be sleeker, more aerodynamic, and more fuel-efficient than any Toyota Chinook before it, not to mention more off-road capable than ever before.

Toyota claims the camper is tall enough for a six-foot two-inch person to stand while cooking meals in the built-in kitchenette. The home quarters will also have a table, a standard toilet, and a two-person bed. Tacozilla will also come in a unique retro-inspired red, white, and orange livery as those vintage Chinook campervans. “Racecars are cool looking,” added Schwerter. “I want campers to be cool looking, too.”

And while the old Chinooks were motivated by Toyota’s 18R motor, Tacozilla will have a standard 3.5-liter V6 engine with 278 horsepower and 265 pound-feet of torque. The initial rendering also features unique off-road wheels and chunkier Cooper Discoverer all-terrain tires.

Unlike other concepts, the Toyota Tacozilla is as real as it gets. The automaker is working overtime in finishing the prototype just in time for the 2021 SEMA Show this November 2 to 5, 2021. The question is, can we expect Tacozillas at Toyota dealerships soon? If Toyota did it in the early 1970s, we could see no reason it won’t be doing it again. But will Tacozilla be as cool as those retrolicious Chinook camper vans? We’ll have to wait for SEMA to find out.
