Researchers Discover New Dragonblood Vulnerability In Wi-Fi WPA3 Standard


Post by Moogle Stiltzkin » Fri Apr 12, 2019 10:53 pm

Researchers have discovered new vulnerabilities that affect the Wi-Fi WPA3 standard. Referred to collectively as Dragonblood, the vulnerabilities allow attackers to steal the network password and infiltrate the target’s network.

Specifically, Dragonblood comprises a total of five vulnerabilities. These vulnerabilities consist of a denial of service attack, two downgrade attacks, and two side-channel information leaks. The denial of service attack is not really significant; it only crashes the WPA3-compatible access point. The remaining four, on the other hand, are the ones that the Wi-Fi Alliance is warning people about.

In a downgrade attack, the Wi-Fi WPA3 standard is forced into using an older password exchange system. The older system (WPA2) is more insecure and has a handful of vulnerabilities for attackers to exploit.

Additionally, the side channel leak attacks trick the devices into using a weaker algorithm to leak fragments of information about the network password. Eventually, the attackers will collect enough information to piece it together and recover the entire password for the network.

Fortunately, the Wi-Fi Alliance swiftly responded to the issue; it says that it will be releasing a security patch for the WPA3 standard. After that, it will be up to vendors to send out the security patch via firmware updates to their Wi-Fi products.
https://www.xda-developers.com/dragonbl ... i-fi-wpa3/

:(
NAS
[Main Server] QNAP TS-877 w. 4x HGST Deskstar NAS (HDN724040ALE640) EXT4 Raid5 & 2 x m.2 Samsung 850 Evo raid1 cache acceleration read only. QWA-AC2600 wireless adapter addon.
[Backup] QNAP TS-653A w. 5x 2TB Samsung EcoGreen F3 (HD203WI) EXT4 Raid5
[Backup] QNAP TS-659 Pro
[Backup] QNAP TS-509 Pro w. 4x 1TB Western Digital RE3 (WD1002FBYS) EXT4 Raid5
[Backup] QNAP TS-228
[Backup] QNAP TS-128 w. 1x 1TB Western Digital RE3 (WD1002FBYS)

Network
Asus AC68U Router|100mbps dl/50mbps ul FTTH Internet | Windows 10 Enterprise, Water Cooled PC-Intel i7 920 Ivy bridge desktop (1x 512gb Samsung 850 Pro SSD + 1x 4tb HGST Ultrastar 7K4000)


Guides and articles by me
[Review] Moogle's QNAP experience
[Review] Moogle's TS-877 review


https://www.patreon.com/mooglestiltzkin


Post by mdhwoods » Mon Apr 15, 2019 9:17 pm

Ya I was reading about this last week. If you build it, someone will break it.


Post by Moogle Stiltzkin » Sat Apr 20, 2019 2:46 pm

mdhwoods wrote:
Mon Apr 15, 2019 9:17 pm
Ya I was reading about this last week. If you build it, someone will break it.
Actually, I found a better article here:
Next-gen standard was supposed to make password cracking a thing of the past. It won't.
“In light of our presented attacks, we believe that WPA3 does not meet the standards of a modern security protocol,” authors Mathy Vanhoef of New York University, Abu Dhabi, and Eyal Ronen of Tel Aviv University and KU Leuven wrote. “Moreover, we believe that our attacks could have been avoided if the Wi-Fi Alliance created the WPA3 certification in a more open manner.”

Had the alliance heeded a recommendation made early in the process to move away from so-called hash-to-group and hash-to-curve password encoding, most of the Dragonblood proof-of-concept exploits wouldn't have worked, the researchers went on to say. Now that the Dragonfly is finished, the only option is to mitigate the damage using countermeasures that at best will be "non-trivial" to carry out and may be impossible on resource-constrained devices.
https://arstechnica.com/information-tec ... passwords/


I agree with merlin's statement :(
The expert critics are pretty loud however about the fact that the Wifi Alliance were warned early during the design phase about some of their initial choices, but they decided to keep going on doing their own thing and ignore outside advice (or so those experts say).

Bottom line hasn't changed: if it doesn't move, wire it. If it moves and it's security-sensitive, wire it anyway.

Recommended solution from the article:
People should ensure that any WPA3 devices they may be using are running the latest firmware. They should also ensure they are using unique, randomly generated passwords that are at least 13 characters long. Password managers or the use of dice words are two useful ways to ensure password requirements are being met. Security experts have long recommended both these practices. They only become more important now.
:)
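The password advice quoted in the last post, worked through as an added example (not part of the thread or the quoted articles): it generates a 13-character random passphrase, computes its entropy, and works out how many dice words give the same strength. The 62-character alphabet and all function names are assumptions of this example.

```python
import math
import secrets
import string

# Assumption: letters and digits only, so the passphrase is easy to type on any
# device and stays inside WPA2-PSK's 8-63 printable-ASCII limit on mixed networks.
ALPHABET = string.ascii_letters + string.digits   # 62 symbols
MIN_LENGTH = 13                                   # minimum length from the quoted advice
DICE_WORD_BITS = math.log2(6 ** 5)                # one word picked by five dice: ~12.9 bits


def random_passphrase(length=MIN_LENGTH):
    """Draw each character independently from the OS CSPRNG."""
    if not MIN_LENGTH <= length <= 63:
        raise ValueError("length must be between 13 and 63")
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Entropy of a uniformly random string (not valid for human-chosen passwords)."""
    return length * math.log2(alphabet_size)


def dice_words_needed(target_bits):
    """Smallest number of dice words whose entropy reaches target_bits."""
    return math.ceil(target_bits / DICE_WORD_BITS)


def dice_rolls(words):
    """One five-digit dice key per word, to be looked up in a dice-word list."""
    return ["".join(str(secrets.randbelow(6) + 1) for _ in range(5))
            for _ in range(words)]


if __name__ == "__main__":
    bits = entropy_bits(MIN_LENGTH)
    words = dice_words_needed(bits)
    print(f"random passphrase : {random_passphrase()}")
    print(f"entropy           : {bits:.1f} bits")
    print(f"dice-word lookups : {' '.join(dice_rolls(words))} ({words} words)")
```

A 13-character random passphrase over this alphabet carries about 77 bits, which takes six dice words to match; fewer words or a human-chosen phrase falls below the quoted recommendation.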
