Vulnerabilities of WPA3 Giving Hackers an Easy Way to Steal Passwords

Vulnerabilities of WPA3 Giving Hackers an Easy Way to Steal Passwords

Compromised WPA3 (Wi-Fi Protected Access 3) internet security standards could let hackers get Wi-Fi passwords easily. WPA3 was launched in January 2018 and to improve the Wi-Fi network security, Advanced Encryption Standard (AES) was used. New research by Mathy Vanhoef and Eyal Ronen suggests that the protocol is not secure enough as it might appear. 

WPA3 had claimed to be better than WPA2 in various ways like protecting from offline dictionary attacks and forward secrecy, and WPA3 certification also was aiming at making Wi-Fi network more secure. Whereas, the study revealed that there have been many design flaws in WPA3 and these flaws have been analyzed theoretically as well as empirically. 

To obtain the password of the Wi-Fi network, hackers can either leverage cache-based side channel leak or the timing. According to researchers, this technique can be used to steal other sensitive information that is transmitted including the passwords, emails, chat messages or even credit card numbers. 

These password attacks can affect the dragonfly or Simultaneous Authentication of Equals (SAE) handshake of WPA3. These attacks are of similar to the dictionary attacks, and allow the hackers to steal passwords by abusing the cache-based side-channel leaks or the timing. 

The password encoding method of the protocol is targeted through the side-channel attacks, as SAE's hash-to-curve algorithm is exploited through the cache-based attack. 

The denial-of-service attack has also been discovered by the researchers in which various handshakes are initiated through WPA3 enabled Access Point. 

These vulnerabilities can be judged by users themselves and for it, four proof-of-concept tools have been introduced by the researchers on GitHub. 

Researchers said that all their attacks have been against the hash-to-group and hash-to-curve algorithm, the password encoding method of SAE, which can easily be prevented just by a slightest change in the algorithms. 


In response to the issue, the Wi-Fi alliance clarified that all these vulnerabilities can be resolved through a simple and regular software update, as people usually perform on their mobile apps.

The WPA-Personal is still in its early stages of deployment, but the device manufacturers which are effected with this have already started to make efforts to resolve these issues. 

The interoperability between devices will not require any kind of changes when the software updates, however, the assistance of the websites of device providers can be taken in case users want further information.


Photo: Ten One Design

Comments

Popular posts from this blog

You know Instagram Is Testing Three New Features, Collaborative Posts, Limited Comments and Sell Button On The Profile

Did you know 77 Percent of Twitter Users are Comfortable Sharing Data with the Microblogging Platform To Improve Ad Experience

Did you know Research shows that Apple’s iPhone 12 has secured its spot for being the best selling model for the 1st quarter of 2021