Collective Intelligence Podcast, Mathy Vanhoef on Dragonblood WPA3 Attacks
By Mike Mimoso
LAS VEGAS—Vulnerabilities in the WPA3 WiFi protocol continue to surface, whereby well-resourced attackers would be able to leak memory from a client connection to a wireless access point and perform offline dictionary attacks to recover a user’s password for a wireless network.
This week at Black Hat USA 2019, researcher Mathy Vanhoef—who is currently a postdoctoral researcher at New York University Abu Dhabi—and his colleague Eyal Ronen disclosed two new WPA3 vulnerabilities in the Dragonfly cryptographic handshake. The bugs, when piled upon five other Dragonfly issues disclosed in April, have put the WiFi Alliance and vendors on notice that fixes must be developed and implemented as soon as they’re available.
The vulnerabilities, nicknamed Dragonblood, include side-channel timing attacks, downgrade attacks, and cache attacks, all of which enable an attacker to passively or actively collect memory from a connection and steal passwords and other information. The current version of the protocol—released in June 2018—was supposed to remedy this situation and prevent offline attacks. But the Dragonblood vulnerabilities bypass a number of mitigations in place and have put new fixes back on the drawing board.
Vanhoef has published the research here.
In this episode of the Collective Intelligence Podcast, Vanhoef discusses the criticality of these design and implementation flaws and the potential risk to business users and consumers. He also describes each of the vulnerabilities and how most of them can be exploited at a relatively low cost to the attacker—as low as $1 in the case of one class of the bugs.
Vanhoef also discusses the practicality of his attacks, his private disclosure to the WiFi Alliance, and the current progress of fixes, both in open source Dragonfly projects and in commercial patches.
Finally, Vanhoef looks back at the KRACK vulnerability he disclosed three years ago. KRACK is a key reinstallation attack against WPA2 that allowed an attacker to force an encryption key to be re-used multiple times, decrypt packets as they cross a wireless network, and learn secrets.
The Collective Intelligence Podcast, presented by Flashpoint and hosted by Editorial Director Mike Mimoso, features regular interviews with a diverse set of industry experts and Flashpoint analysts on the latest information security news and industry trends.