
Dragonblood vulnerabilities disclosed in WiFi WPA3 standard


Logo: Mathy Vanhoef & Eyal Ronen // Composition: ZDNet

Two security researchers disclosed details today about a group of vulnerabilities collectively referred to as Dragonblood that impact the WiFi Alliance’s recently launched WPA3 Wi-Fi security and authentication standard.

If ever exploited, the vulnerabilities would allow an attacker within the range of a victim’s network to recover the Wi-Fi password and infiltrate the target’s network.

The Dragonblood vulnerabilities

In total, five vulnerabilities are part of the Dragonblood ensemble: a denial of service attack, two downgrade attacks, and two side-channel information leaks.

While the denial of service attack is somewhat unimportant as it only leads to crashing WPA3-compatible access points, the other four are the ones that can be used to recover user passwords.

Both the two downgrade attacks and the two side-channel leaks exploit design flaws in the WPA3 standard’s Dragonfly key exchange, the mechanism through which clients authenticate on a WPA3 router or access point.

In a downgrade attack, WiFi WPA3-capable networks can be coerced into using an older and more insecure password exchange system, which can allow attackers to retrieve the network passwords using older flaws.

In a side-channel information leak attack, WiFi WPA3-capable networks can trick devices into using weaker algorithms that leak small amounts of information about the network password. With repeated attacks, the full password can eventually be recovered.

Downgrade to Dictionary Attack – works on networks where both WPA3 and WPA2 are supported at the same time via WPA3’s “transition mode.” This attack has been confirmed on a recently released Samsung Galaxy S10 device. Explainer below:

If a client and AP both support WPA2 and WPA3, an adversary can set up a rogue AP that only supports WPA2. This causes the client (i.e. victim) to connect using WPA2’s 4-way handshake. Although the client detects the downgrade-to-WPA2 during the 4-way handshake, this is too late. The 4-way handshake messages that were exchanged before the downgrade was detected, provide enough information to launch an offline dictionary attack.

Group Downgrade Attack – works when WPA3 is configured to work with multiple groups of cryptographic algorithms, instead of just one. Basic downgrade attack. Explainer below:

For example, say a client supports the elliptic curves P-521 and P-256, and prefers to use them in that order. In that case, even though the AP also supports the P-521 curve, an adversary can force the client and AP into using the weaker P-256 curve. This can be accomplished by jamming the messages of the Dragonfly handshake, and forging a message that indicates certain curves are not supported.

Cache-Based Side-Channel Attack (CVE-2019-9494) – exploits the Dragonfly protocol’s “hunting and pecking” algorithm. High-level explainer below:

If an adversary can determine which branch of the if-then-else branch was taken, they can learn whether the password element was found in a specific iteration of this algorithm. In practice we found that, if an adversary can run unprivileged code on the victim machine, we were able to use cache-based attacks to determine which branch was taken in the first iteration of the password generation algorithm. This information can be abused to perform a password partitioning attack (this is similar to an offline dictionary attack).

Timing-Based Side-Channel Attack (CVE-2019-9494) – exploits WPA3’s “multiplicative groups” feature. Explainer below:

When the Dragonfly handshake uses certain multiplicative groups, the password encoding algorithm uses a variable number of iterations to encode the password. The precise number of iterations depends on the password being used, and the MAC address of the AP and client. An adversary can perform a remote timing attack against the password encoding algorithm, to determine how many iterations were needed to encode the password. The recovered information can be abused to perform a password partitioning attack, which is similar to an offline dictionary attack.
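
The variable iteration count described in the two side-channel explainers can be seen in a simplified model of a try-until-valid password encoding loop, shown next to a form that always runs the same number of rounds. This is an added example, not code from the article, the paper or any WPA3 implementation; the toy prime, the HMAC-based candidate derivation, the value of FIXED_ROUNDS and all sample MACs and passwords are assumptions made for illustration.

```python
import hashlib
import hmac

# Toy parameters: assumptions for illustration, not a real SAE group.
P = 65537           # small prime; candidates are 17-bit integers
FIXED_ROUNDS = 40   # assumed constant round count for the hardened form

def candidate(password: bytes, mac_a: bytes, mac_b: bytes, counter: int) -> int:
    """Derive one 17-bit candidate from password, both MAC addresses and a counter."""
    key = max(mac_a, mac_b) + min(mac_a, mac_b)
    digest = hmac.new(key, password + bytes([counter]), hashlib.sha256).digest()
    return int.from_bytes(digest[:3], "big") >> 7

def encode_variable(password, mac_a, mac_b):
    """Leaky form: return at the first valid candidate, so run time tracks the counter."""
    for counter in range(1, 256):
        value = candidate(password, mac_a, mac_b, counter)
        if 1 < value < P:
            return value, counter
    raise ValueError("no valid candidate")

def encode_fixed(password, mac_a, mac_b):
    """Hardened form: always run FIXED_ROUNDS rounds and keep the first valid candidate.
    Real code must also make the per-round work branch-free; Python cannot show that."""
    found = None
    for counter in range(1, FIXED_ROUNDS + 1):
        value = candidate(password, mac_a, mac_b, counter)
        if found is None and 1 < value < P:
            found = value
    if found is None:
        raise ValueError("no valid candidate")
    return found, FIXED_ROUNDS

def round_counts(passwords, mac_a, mac_b, encoder):
    """Map each password to the number of rounds the encoder executed for it."""
    return {pw: encoder(pw, mac_a, mac_b)[1] for pw in passwords}

# Constructed sample data: locally administered MACs and made-up passwords.
AP_MAC = bytes.fromhex("020000000001")
CLIENT_MAC = bytes.fromhex("020000000002")
OTHER_CLIENT = bytes.fromhex("020000000003")
PASSWORDS = [f"example-{i}".encode() for i in range(200)]

if __name__ == "__main__":
    leaky = round_counts(PASSWORDS, AP_MAC, CLIENT_MAC, encode_variable)
    fixed = round_counts(PASSWORDS, AP_MAC, CLIENT_MAC, encode_fixed)
    print("distinct round counts, variable:", sorted(set(leaky.values())))
    print("distinct round counts, fixed:   ", sorted(set(fixed.values())))
```

In the variable form the round count differs from password to password and changes when a MAC address changes, which is the observable the explainers describe; in the fixed form it is the same for every input.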

More detailed explanations for each of these vulnerabilities are available in an academic paper authored by Mathy Vanhoef and Eyal Ronen, titled “Dragonblood: A Security Analysis of WPA3’s SAE Handshake”, or on this website dedicated to the Dragonblood vulnerabilities.

Dragonblood also impacts EAP-pwd

Besides WPA3, researchers said the Dragonblood vulnerabilities also impact the EAP-pwd (Extensible Authentication Protocol) that is supported in the previous WPA and WPA2 WiFi authentication standards.

“We […] discovered serious bugs in most products that implement EAP-pwd,” the research duo said. “These allow an adversary to impersonate any user, and thereby access the Wi-Fi network, without knowing the user’s password.”

The two researchers didn’t publish details on how the Dragonblood vulnerabilities impact EAP-pwd because the patching process is still in progress. They did, however, publish tools that can be used to discover if WPA3-capable devices are vulnerable to any of the major Dragonblood flaws.

Fixes for WPA3 are available

On the other hand, the WiFi Alliance announced today a security update for the WPA3 standard following Vanhoef and Ronen’s public disclosure of the Dragonblood flaws.

“These issues can all be mitigated through software updates without any impact on devices’ ability to work well together,” the WiFi Alliance said today in a press release. Vendors of WiFi products will now have to integrate these changes into their products via firmware updates.

Vanhoef is the same security researcher who in the fall of 2017 disclosed the KRACK attack on the WiFi WPA2 standard, which was the main reason the WiFi Alliance developed WPA3 in the first place.
