It has been reported that ‘Dragonblood‘ vulnerabilities seep into WPA3 secure Wifi handshake. The research identified vulnerabilities in early implementations of WPA3™-Personal, where those devices allow collection of side channel information on a device running an attacker’s software, do not properly implement certain cryptographic operations, or use unsuitable cryptographic elements. An attacker within range of a victim can still recover the password of the Wi-Fi network.
Gavin Millard, VP of Intelligence at Tenable, has provided the following comment on the vulnerabilities.
Gavin Millard, VP of Intelligence at Tenable:
“WPA3 hasn’t even been rolled out fully yet but, as is to be expected, there are numerous interested parties lined up ready to give it a good probe and they’re identifying vulnerabilities. Rather than being viewed as a negative, this is actually extremely positive.
“As with any new technology that moves through from design to development and into production, and whilst efforts to determine every inevitable attack vector will have been considered, there will always be a few obscure paths that still slip through. The designers aren’t just trying to determine how the device will fail but also how it will work.
“To date, a lot of the discovered attacks result in downgrading to WPA2, and this is due to the need to support older devices.
“As further vulnerabilities are inevitable, and fixes become available, it’s important to apply updates as soon as practical. My advice – ‘Stay calm and patch often.’”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.