Major vulnerabilities found in new WiFi standard

News
By
published

Dragonblood vulnerabilities could allow hackers to recover user's Wi-Fi passwords

Image Credit: Flickr (Image credit: Image Credit: Chris Oakley / Flickr)

The WiFi Alliance's recently launched WPA3 Wi-Fi security and authentication standard could potentially allow hackers to infiltrate user's networks by exploiting a new group of vulnerabilities discovered by two security researchers.

The vulnerabilities discovered by the researchers, collectively referred to as Dragonblood, would allow a potential attacker within range of a victim's network to recover their Wi-Fi passwords and infiltrate the target's network.

In total, the researchers discovered five vulnerabilities: a denial of service attack, two downgrade attacks and two side-channel information leaks.

The denial of service attack is a less severe vulnerability as it only leads to crashing any WPA3-compatible access points but the other four could be used to recover user passwords.

Dragonblood vulnerabilities

The researchers have called the vulnerabilities they discovered Dragonblood since both downgrade attacks and both the side-channel leaks take advantage of design flaws in the WPA3 standard's Dragonfly key exchange.

The downgrade attacks work by putting pressure on WIFI WPA3-capable networks to use an older and less secure password exchange system that could allow hackers to retrieve network passwords using older flaws.

Side-channel information leak attacks on the other hand, work by tricking devices on WiFI WPA3-capable networks into using weaker algorithms that leak small amounts of information about the network password. Over time and with repeated attacks though, the full password can be recovered.

Following the release of information on these vulnerabilities, the WiFi Alliance reassured users that they had not been exploited by cybercriminals yet in a press release, saying:

“These issues can all be mitigated through software updates without any impact on devices’ ability to work well together. There is no evidence that these vulnerabilities have been exploited.”

Via ZDNet

Anthony Spadafora
Anthony Spadafora

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home. 

Latest in Security
Webex by Cisco banner on a Chromebook
Cisco warns some Webex users of worrying security flaw, so patch now
Red padlock open on electric circuits network dark red background
AI-powered cyber threats are becoming the biggest worry for businesses everywhere
Woman using iMessage on iPhone
Apple to take legal action against British Government over backdoor request
Red padlock open on electric circuits network dark red background
Aviaton firms hit by devious new polyglot malware
A laptop with a red screen with a white skull on it with the message: "RANSOMWARE. All your files are encrypted."
Major ransomware attack sees Tata Technologies hit - 1.4TB dataset with over 730,000 files allegedly stolen
Image of laptop infected with malware
Ransomware criminals are now sending their demands...by snail mail?
Latest in News
AMD Ryzen 9950X
Ryzen CPUs are the cheapest Zen 5 cores you can buy, but I was surprised to see this AMD 192-core CPUs on the value leaderboard
A hand holding a phone showing the Android Find My Device network
Android's Find My Device can now let you track your friends – and I can't decide if that's cool or creepy
Insta360 X4 360 degree camera without lens protector
Leaked DJI Osmo 360 image suggests GoPro and Insta360 should be worried – here's why
A YouTube Premium promo on a laptop screen
A cheaper YouTube Premium Lite plan just rolled out in the US – but you’ll miss out on these 4 features
Viaim RecDot AI true wireless earbuds
These AI-powered earbuds can also act as a dictaphone with transcription when left in their case
The socket interface of the Intel Core Ultra processor
Intel unveils its most powerful AI PCs yet - new Intel Core Ultra Series 2 processors pack in vPro for lightweight laptops and high-performance workstations alike
More about security
Webex by Cisco banner on a Chromebook

Cisco warns some Webex users of worrying security flaw, so patch now
Image of laptop infected with malware

Ransomware criminals are now sending their demands...by snail mail?
AMD Ryzen 9950X

Ryzen CPUs are the cheapest Zen 5 cores you can buy, but I was surprised to see this AMD 192-core CPUs on the value leaderboard
See more latest
Most Popular
AMD Ryzen 9950X
Ryzen CPUs are the cheapest Zen 5 cores you can buy, but I was surprised to see this AMD 192-core CPUs on the value leaderboard
Thanko monitor
At 11lbs, this double 24-inch 'portable' monitor is a bit too much for me but I love the audacity
Rocket Enterprise SSD
Sabrent launches its first 30.72TB SSD, but like all the others, you won't be able to run it on your PC (or buy it on Amazon)
Volkswagen ID.EVERY1 Concept Car
Volkswagen reveals the ID.1 concept car, which will spawn its cheapest all-electric model to date
Eurocom Raptor X17
This $12,000 laptop comes with 24TB RAID-0 SSD storage, 128GB of RAM, and Intel's most powerful mobile CPU - but no Nvidia RTX 5090M GPU
BYD Ling Yuan DJI Drone launcher
BYD’s new roof-mounted DJI drone launchpad looks like a dream for filming road trips – but less so for car safety
An AI face in profile against a digital background.
'Simulating scientists': A new AI tool wants to make serendipitous scientific discovery less human
A hand holding a phone showing the Android Find My Device network
Android's Find My Device can now let you track your friends – and I can't decide if that's cool or creepy
Webex by Cisco banner on a Chromebook
Cisco warns some Webex users of worrying security flaw, so patch now
A YouTube Premium promo on a laptop screen
A cheaper YouTube Premium Lite plan just rolled out in the US – but you’ll miss out on these 4 features