The vast majority of people out there don't know much about network security, if at all, but thankfully there are talented groups and individuals out there who are on constant lookout for flaws and vulnerabilities. Each security protocol we've seen has had some kind of issue (sometimes crippling), but the still-young Wi-Fi Protected Access protocol version 3, aka WPA3, remains vulnerable to attack, thanks to some pretty serious design flaws.

In a paper titled Dragonblood: A Security Analysis of WPA3’s SAE Handshake, authors Mathy Vanhoef and Eyal Ronen disclose and discuss elements of WPA3 that in some cases, ironically, leave it vulnerable to many of the same types of attacks that plagued its predecessor, WPA2. Previously, WPA2 relied on a four-way handshake, the means by which it authenticated devices. This handshake contains a hash of the network password, leaving it open to cracking (trivially easy in the cases of common or weak ones) if exposed or intercepted.

One of the great things with WPA3 is that capable devices are backwards-compatible with older ones that don't support it, thanks to the WPA3-Transition mode. However, this transitory process can be exploited. Since it allows for networks to support both WPA3 and WPA2 using the same password, an attacker can create a rogue WPA2 network with same SSID as the original. Client devices in the transition mode will then connect to the rogue network using WPA2, leaving the handshake exposed. The authors tested this with a variety of devices and found that this attack works on, among others, the Galaxy S10.

WPA3 is also vulnerable to side-channel leaks, both cache-based and timing-based, that reveal information about the network password. The Wi-Fi Alliance responded to this paper with a statement, but the here's the main piece:

"Recently published research identified vulnerabilities in a limited number of early implementations of WPA3™-Personal, where those devices allow collection of side channel information on a device running an attacker’s software, do not properly implement certain cryptographic operations, or use unsuitable cryptographic elements. WPA3-Personal is in the early stages of deployment, and the small number of device manufacturers that are affected have already started deploying patches to resolve the issues. These issues can all be mitigated through software updates without any impact on devices’ ability to work well together. There is no evidence that these vulnerabilities have been exploited."

If you want more technical details, the original paper is the first source link below. It's a fun read if you have the time. Otherwise, for now, the best thing you can do is make sure that you have a strong password on your network. Use a password generator to make something robust, aiming for 13 characters or more.

Source: Research (1), (2)

Via: Ars Technica