Dragonblood is a collection of five exploits and vulnerabilities that affect the latest WPA3 protocol and certification. They were revealed by security researchers Mathy Vanhoef and Eyal Ronen last week. The publication of their paper caused the Wi-Fi Alliance to issue a security update acknowledging the flaws.
In that update, the Wi-Fi Alliance blamed early implementations of the WPA3-Personal for the problem. It stated: “Recently published research identified vulnerabilities in a limited number of early implementations of WPA3-Personal, where those devices allow collection of side channel information on a device running an attacker’s software, do not properly implement certain cryptographic operations, or use unsuitable cryptographic elements. WPA3-Personal is in the early stages of deployment, and the small number of device manufacturers that are affected have already started deploying patches to resolve the issues.”
The researchers did not pull their punches. In the conclusion, Vanhoef and Ronen said: “In light of our presented attacks, we believe that WPA3 does not meet the standards of a modern security protocol. Moreover, we believe that our attacks could have been avoided if the Wi-Fi Alliance created the WPA3 certification in a more open manner.”
What is Dragonblood?
As stated, Dragonblood is a collection of exploits and vulnerabilities. At the heart of the problem is the WPA3 Simultaneous Authentication of Equals (SAE) handshake. SAE is not new and has been around since 2008. The name Dragonfly is used to refer to all the variants of SAE. Over time, side-channel defences have been added to SAE to help protect against known problems. It appears that the side-channel defences play a part in the vulnerabilities.
One of these allows a denial-of-service (DoS) attack against an Access Point (AP). WPA3 has an anti-clogging method specifically designed to mitigate against DoS attacks. By using spoofed MAC addresses an attacker can inject commit frames. This causes a significant increase in the CPU workload.
The other four attacks all allow password partitioning attacks. This allows attackers to recover user passwords and even steal sensitive data. Two of these attacks take advantage of the requirement for WPA3 to also support WPA2. The remaining attacks also use older and less secure protocols that reveal information about the password.
The researchers say: “Notable is also that nearly all of our attacks are against SAE’s password encoding method.” They continued: “Interestingly, a simple change to this algorithm would have prevented most of our attacks. In particular, the peer’s MAC addresses can be excluded from SAE’s password encoding algorithm, and instead included later on in the handshake itself. This allows the password element to be computed offline, meaning an adversary can no longer actively trigger executions of the password encoding method.”
What does the industry think?
Simon Migliano, Head of Research at Top10VPN.com, commented: “The discovery of severe vulnerabilities in the WPA3 standard serves as a timely reminder that no WiFi network should be considered truly secure even when they are password-protected and properly updated.
“Anyone unfortunate enough to be connected to a WiFi network under attack via these ‘Dragonblood’ vulnerabilities prior to them being patched would have been left utterly exposed as if they were on a public network.
“WPA3 was intended as a more robust replacement for the severely-compromised WPA2 standard that preceded it. Considering that the paint was barely dry on WPA3 before serious security flaws were discovered, it’s not unrealistic to expect that further vulnerabilities may yet be discovered in time.”
Rob Kraus, Sr. Director, Global Threat Intelligence Center Operations, NTT Security told Enterprise Times: “The sky is not falling. All new technologies invariably come with risks and vulnerabilities. The WPA3-Personal Dragonblood vulnerabilities are no different, but are quite manageable. In fact, the WiFi Alliance press release says that these vulnerabilities can all be mitigated via software updates which impacted vendors have already begun deploying. But, since new technologies come with new vulnerabilities, we should not be surprised if additional vulnerabilities are uncovered as deployment of WPA3 continues.
“Dragonblood vulnerabilities are not yet being used in attacks in the wild. Don’t wait until they are; be proactive in applying appropriate software updates if you have deployed an affected WPA3-Personal device.
“All impacted vendors have been notified and countermeasures are being implemented with the help of the researchers who discovered these vulnerabilities. In addition, the researchers have made tools available to check your devices.”
Enterprise Times: What does this mean
WPA3 was developed to deal with the fall-out from KRACK. This was first announced in 2017 by Verhoef and a number of other researchers. There are 10 vulnerabilities in KRACK that enabled attackers to read encrypted data. Because of the way KRACK worked, the Wi-Fi Alliance decided to develop WPA3 to create a more secure standard.
Blaming the problems on early implementations is not a complete cop-out. As with all complex hardware standards, some vendors will jump the gun in order to get to market sooner. This is what appears to have happened here. However, those same vendors are believed to have used the Wi-Fi CERTIFIED requirements to validate their products. Assuming, and nobody is saying any different, that they passed that testing, the problem appears to be a weakness in the testing regime. That does not give the vendors a complete pass but it does mitigate their culpability somewhat.
Unlike KRACK, this latest attack affects only those who are using the first generation of WPA3-Personal. Patches are in the works and likely to arrive soon. The question has to be: “How can this be avoided in future?” The answer is, it probably can’t. That is because to define a testing programme and get it right in a short space of time is difficult, especially given the complexity of networking.
For now, anyone using WPA3-Personal should actively look for updates and apply them as soon as they are ready.