Major vulnerabilities found in new Wi-Fi standard

null

The latest WPA3 WiFi security and authentication standard may be suffering from serious safety flaws of its own. 

This is according to a group of researchers - Mathy Vanhoef and Eyal Ronen, who issued a report called “Dragonblood – A Security Analysis of WPA3’s SAE Handshake”, which identifies design flaws in the WPA3 standard's Dragonfly key exchange, hence the Dragonblood name.

They disclosed a total of five vulnerabilities, four of which could be used to recover user passwords, while the fifth one could be used to ‘only’ crash WPA3-compatible access points.

The details about the vulnerabilities, how they operate and how they attack the network can be found on this link.

The Wi-Fi Alliance, responsible for the creation and the release of the WPA3 standard, issued a security update for the WPA3, after the flaw was made public.

"These issues can all be mitigated through software updates without any impact on devices' ability to work well together," the WiFi Alliance announced via a press release.

Wi-FI product vendors will now have to make sure their products’ firmware is up to date with the latest patches.

Mathy Vanhoef, ZDNet reminds, is the same person that discovered the KRACK attack on the Wi-Fi WPA2 standard in autumn of 2017. The KRACK attack is what led the Wi-Fi Alliance to drop the WPA2 standard in the first place.

Image Credit: Mediacom