
The next generation in Wi-Fi security actually has a serious flaw. New research has found that you can trick the technology to effectively leak the password to a Wi-Fi network.

On Wednesday, a pair of security experts disclosed several vulnerabilities with WPA3, a recently released protocol that was designed to protect Wi-Fi networks from intruders.

“Unfortunately, we found that even with WPA3, an attacker within range of a victim can still recover the password of the Wi-Fi network,” researchers Mathy Vanhoef and Eyal Ronen wrote in a blog post summarizing their findings. “Concretely, attackers can then read information that WPA3 was assumed to safely encrypt.”

WPA3 was announced last year as a major upgrade over the older WPA2 protocol, which has been around since 2004 and is particularly susceptible to password cracking attacks.

The problem with WPA2 is that the protocol transmits a “hash” or scrambled version of your Wi-Fi network’s password. To crack the password, a nearby hacker simply needs to capture a single password exchange over the network. The hacker can then take this data home, and proceed to brute-force it with unlimited password attempts to find the right match. The simpler the password, the easier it’ll be for the hacker to crack.

WPA3, on the other hand, tries to fix the problem by using what’s called the “Dragonfly handshake” (also known as the Simultaneous Authentication of Equals handshake) to make a Wi-Fi network resistant to offline password guessing attempts.

With WPA3, the nearby hacker would supposedly have to remain around the Wi-Fi network in order to crack the password. In addition, the protocol features what’s called “forward secrecy.” This means the hacker won’t be able to decrypt any previously captured data from your Wi-Fi data stream, even if they’ve successfully learned the network’s password.

Unfortunately, WPA3 isn’t as secure as it seems. One problem is that the protocol is backwards compatible with the older and more vulnerable WPA2 system. In other words, devices can support both protocols and switch between the two.

Dragonfly flaw

So if a PC or smartphone transitions from WPA3 to WPA2 when connecting to a Wi-Fi network, the device can be tricked into leaking the password data. The researchers Vanhoef and Ronen managed to pull off this so-called “downgrade attack” by creating a WPA2-enabled dummy router that pretends to be the victim’s official Wi-Fi router. If the victim’s PC or smartphone tries to connect to the dummy router, their device will transmit enough password data over WPA2, which can then be cracked.
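For administrators who want to know which of their networks still offer the WPA2 fallback described above, the following is an added example (not from the article or the researchers) that parses the RSN element an access point broadcasts and reports whether it advertises WPA3 only, WPA2 only, or both. The function names and the sample elements are constructed for illustration.

```python
import struct

OUI = b"\x00\x0f\xac"                      # IEEE 802.11 suite OUI
AKM_NAMES = {2: "PSK", 6: "PSK-SHA256", 8: "SAE"}
WPA2_AKMS = {"PSK", "PSK-SHA256"}

def parse_rsn(ie: bytes) -> dict:
    """Parse an RSN element (ID 48) into AKM names and MFP flags."""
    if len(ie) < 2 or ie[0] != 48 or ie[1] != len(ie) - 2:
        raise ValueError("not a well-formed RSN element")
    body, pos = ie[2:], 6                  # skip version (2) + group cipher (4)

    def suite_list(pos):
        if pos + 2 > len(body):
            raise ValueError("truncated RSN element")
        (count,) = struct.unpack_from("<H", body, pos)
        end = pos + 2 + 4 * count
        if end > len(body):
            raise ValueError("truncated suite list")
        return [body[i:i + 4] for i in range(pos + 2, end, 4)], end

    _pairwise, pos = suite_list(pos)
    akms, pos = suite_list(pos)
    # RSN capabilities are optional; bit 6 = MFP required, bit 7 = MFP capable
    caps = struct.unpack_from("<H", body, pos)[0] if pos + 2 <= len(body) else 0
    names = {AKM_NAMES.get(s[3], f"type-{s[3]}") if s[:3] == OUI else s.hex()
             for s in akms}
    return {"akms": names,
            "mfp_capable": bool(caps & 0x0080),
            "mfp_required": bool(caps & 0x0040)}

def classify(ie: bytes) -> str:
    akms = parse_rsn(ie)["akms"]
    has_sae, has_wpa2 = "SAE" in akms, bool(akms & WPA2_AKMS)
    if has_sae and has_wpa2:
        return "transition"                # WPA2 fallback is still offered
    if has_sae:
        return "wpa3-only"
    return "wpa2-only" if has_wpa2 else "other"

# Constructed sample elements (CCMP group/pairwise cipher), not captured traffic
SAMPLES = {
    "mixed": bytes.fromhex("30180100000fac040100000fac040200000fac02000fac088000"),
    "sae":   bytes.fromhex("30140100000fac040100000fac040100000fac08c000"),
    "psk":   bytes.fromhex("30140100000fac040100000fac040100000fac020000"),
}

if __name__ == "__main__":
    for name, ie in SAMPLES.items():
        print(name, classify(ie), parse_rsn(ie))
```

A network reported as "transition" accepts both handshakes, which is the backwards-compatible configuration the downgrade depends on.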

With such access, a hacker could spy on any unencrypted data sent over the Wi-Fi network. “This can, for example, be abused to steal sensitive information such as credit cards, passwords, chat messages, emails, and so on, if no extra protection such as HTTPS (encryption) is used,” the researchers wrote.

On top of all this, the researchers developed a separate, more sophisticated downgrade attack. Two other “side channel” vulnerabilities in the WPA3 protocol were also found, which can be used to leak data to help a hacker piece together a Wi-Fi network’s password. “The resulting attacks are efficient and low cost,” they added. “For example, the downgrade attacks can be exploited using existing WPA2 cracking tools and hardware. The side-channel vulnerabilities can, for instance, be abused to brute-force all 8-character lowercase passwords with as little as $125 worth of Amazon EC2 (cloud computing) instances.”

The good news is that the attacks require a hacker to be nearby. Using a long, complex password for your Wi-Fi network can also help lessen the threat. And for perspective, WPA2 still remains the dominant standard across routers and consumer devices. Many…
