Scorpiones Group

Security Flaws in WPA3 Protocol Let Attackers Hack Your WiFi Password

Security researchers have discovered several flaws in the Wi-Fi Protected Access 3 (WPA3) protocol.
These flaws could allow an attacker to crack the victim's Wi-Fi password and ultimately access encrypted traffic.
The researchers have unveiled several serious vulnerabilities in the wireless security protocol that could allow attackers to recover the password of the Wi-Fi network using downgrade attacks or side-channel leaks. What is disturbing is that this can supposedly be done relatively fast and cheaply.

What is WPA?
WPA, or Wi-Fi Protected Access, is a standard designed to authenticate wireless devices using the Advanced Encryption Standard (AES) protocol and is intended to prevent hackers from eavesdropping on your wireless data.

WPA3 was designed in part to address a major vulnerability in WPA2 (and WPA) that had been widely used to protect wireless networks at home and in some workplaces.
That specific flaw, dubbed KRACK (Key Reinstallation Attack), could allow an attacker to snoop on what is supposed to be encrypted traffic between computers and wireless access points.
The newer security protocol addressed that vulnerability and added other protections, but it may not be as secure as we thought.
In a recently released research paper, researchers say that WPA3's Simultaneous Authentication of Equals (SAE) handshake, commonly known as Dragonfly, is affected by password partitioning attacks.

What are the vulnerabilities of the WPA3?
Researchers have detailed two types of design flaws in WPA3: the first leads to downgrade attacks, the second to side-channel leaks.

WPA3 Hacking
Since the WPA3 protocol is fairly new, it will take time to update billions of devices to WPA3.
It won't happen overnight, and in the meantime, while people's devices are still being updated to WPA3, researchers have found that the transitional mode (in which a network accepts both WPA2 and WPA3 clients) is vulnerable to downgrade attacks:
an attacker forces devices to fall back to the older protocol instead of using WPA3, and then attacks those devices through the out-of-date protocol that is still in place.

Researchers also found two side-channel attacks, cache-based and timing-based, against WPA3's password encoding method. These could allow attackers to perform a password partitioning attack, similar to an offline dictionary attack, to obtain the Wi-Fi password.

But that's not all:
the same WPA3 vulnerabilities can also be used for a Denial of Service attack, by overloading an "AP by initiating a large number of handshakes with a WPA3-enabled Access Point", bypassing SAE's anti-clogging mechanism that is supposed to prevent DoS attacks.

How do you protect your network?
Researchers have reported their results to the Wi-Fi Alliance,
the non-profit organization that certifies Wi-Fi standards and Wi-Fi products for conformity.
The organization acknowledged the issues and is working with vendors to patch existing WPA3-certified devices.
In contrast to the DNS Rebinding attack discussed previously in this blog, this way of attacking your private Wi-Fi network works by obtaining the Wi-Fi password itself, instead of gaining access to the target's browser as the ReDTunnel attack tool does.
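As an added illustration of the transitional-mode downgrade described above (this is not configuration from the original post, the researchers or the Wi-Fi Alliance), here are two hostapd configurations for the same network: the transition-mode setup that the downgrade attack targets, beside a WPA3-only setup that leaves nothing to downgrade to. Option names are hostapd's; the interface name, SSID and password values are placeholders, and the sae_pwe option assumes a hostapd release new enough to support hash-to-element (2.10 or later).

```ini
# ---- File 1: WPA3 transition mode (what the downgrade attack targets) ----
# The AP advertises both WPA2-PSK and WPA3-SAE and, by design of the
# transition mode, both use one shared password. A client pushed down to
# WPA2 therefore exposes that password to an offline dictionary attack on
# the captured WPA2 4-way handshake, even though WPA3 is "enabled".
interface=wlan0
ssid=EXAMPLE-SSID
wpa=2
wpa_key_mgmt=WPA-PSK SAE
rsn_pairwise=CCMP
wpa_passphrase=CHANGE-ME-PLACEHOLDER
sae_password=CHANGE-ME-PLACEHOLDER
# Protected Management Frames stay optional so WPA2-only clients can join...
ieee80211w=1
# ...but are mandatory for any SAE (WPA3) association.
sae_require_mfp=1

# ---- File 2: WPA3-only (no WPA2 fallback, so no downgrade target) ----
interface=wlan0
ssid=EXAMPLE-SSID
wpa=2
wpa_key_mgmt=SAE
rsn_pairwise=CCMP
sae_password=CHANGE-ME-PLACEHOLDER
# Protected Management Frames required for every client.
ieee80211w=2
# Only NIST P-256 (group 19); do not offer the weaker optional groups.
sae_groups=19
# Derive the password element with hash-to-element instead of the
# password-dependent hunting-and-pecking loop that the timing and cache
# side channels measure. 1 = hash-to-element only (hostapd 2.10+).
sae_pwe=1
# Require the anti-clogging cookie once this many SAE handshakes are
# pending, which bounds the work a handshake flood can force on the AP.
sae_anti_clogging_threshold=5
```

Clients that only speak WPA2 cannot join the second network, so the practical migration path is to run WPA3-only on a separate SSID and retire the transition-mode SSID once legacy devices are gone.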

If you want to identify exploitable vulnerabilities and verify that your infrastructure is resilient against the most advanced network-level attacks, such as DNS Rebinding, the WPA3 protocol hack and thousands of other methods, contact us now and ask about our network penetration testing service.
