Security researchers have discovered multiple bugs in the Wi-Fi Protected Access version 3 (WPA3) protocol used to secure wireless local area networks, which allow attackers to intercept and steal sensitive information.
WPA3 is the Wi-Fi Alliance industry body's replacement for the 14-year-old WPA2 protocol, which is susceptible to the KRACK key re-installation attack.
PhD candidate Mathy Vanhoef from New York University Abu Dhabi and Eyal Ronen from Tel Aviv University and the Katholieke Universiteit Leuven analysed the WPA3 protocol, and found two types of design flaws.
Vanhoef and Ronen found that a transition mode in WPA3 that allows networks to simultaneously support the new protocol and WPA2 is vulnerable to downgrade attacks.
The researchers' attack enables adversaries to force wireless clients to partially execute the WPA2 four-way handshake, and after that use a brute-force dictionary attack against it.
The four-way handshake is the method used in wi-fi networks to authenticate clients with an access point.
WPA3 has a new handshake protocol for authentication, Dragonfly, which is designed so that a captured handshake cannot feasibly be cracked to reveal the password.
Nevertheless, Vanhoef and Ronen found a way to downgrade and weaken the encryption used by Dragonfly.
Vanhoef and Ronen also targeted the password encryption method in Dragonfly with side-channel attacks.
By launching cache-based and timing-based side-channel attacks, Vanhoef and Ronen were able to perform password partitioning. This is akin to a dictionary attack, and the researchers said the attacks are efficient and low-cost.
Cracking all eight-character passwords with a brute-force attack requires fewer than 40 handshakes to be tried, at a cost of US$125 worth of Amazon EC2 instances, they said.
The Dragonfly handshake is the only mandatory requirement out of four security features for WPA3 certification, something Vanhoef was critical about when the programme was launched last year.
Late in the analysis and disclosure period, the researchers also discovered vulnerabilities in the Extensible Authentication Protocol - Password (EAP-pwd), and these are yet to be disclosed as vendors are working on providing patches.
Vanhoef and Ronen disclosed the flaws to the Wi-Fi Alliance, which has acknowledged them and thanked the researchers for their work.
The flaws can all be addressed with software updates, and the Wi-Fi Alliance says there is no evidence that they have been exploited.