WPA3 gets security update as some implementations were vulnerable to attack

Posted on Friday, Apr 12 2019 @ 10:31 CEST by Thomas De Maesschalck
Wifi logo
The WiFi Alliance announced an update to WPA3 as security researchers discovered that some implementations are vulnerable to an attack that can expose the password. At the moment, there aren't a lot of devices that use WPA3. Details about the attack can be found in this Dragonblood whitepaper (PDF) from Mathy Vanhoef.
Wi-Fi Alliance® provides trusted security to billions of Wi-Fi® devices and continues to support Wi-Fi users, as we have done for twenty years.

Recently published research identified vulnerabilities in a limited number of early implementations of WPA3™-Personal, where those devices allow collection of side channel information on a device running an attacker’s software, do not properly implement certain cryptographic operations, or use unsuitable cryptographic elements. WPA3-Personal is in the early stages of deployment, and the small number of device manufacturers that are affected have already started deploying patches to resolve the issues. These issues can all be mitigated through software updates without any impact on devices’ ability to work well together. There is no evidence that these vulnerabilities have been exploited.

Security is and will always be a dynamic endeavor, and Wi-Fi Alliance regularly updates Wi-Fi CERTIFIED™ requirements to address wireless security and privacy challenges as the threat landscape changes. WPA3-Personal raised the bar with next generation security for private Wi-Fi networks based on a simple password credential. Wi-Fi Alliance has taken immediate steps to ensure users can count on WPA3-Personal to deliver even stronger security protections. Wi-Fi CERTIFIED WPA3-Personal now includes additional testing based on elements of the latest research, and Wi-Fi Alliance is broadly communicating implementation guidance to ensure vendors understand the relevant security considerations. As always, Wi-Fi users should ensure they have installed the latest recommended updates from device manufacturers.

As with any technology, robust security research that pre-emptively identifies potential vulnerabilities is critical to maintaining strong protections. Wi-Fi Alliance thanks Mathy Vanhoef of New York University Abu Dhabi and Eyal Ronen of Tel Aviv University and KU Leuven for discovering and responsibly reporting these issues, allowing industry to proactively prepare updates ahead of widespread industry deployment of WPA3-Personal.

About the Author

Thomas De Maesschalck

Thomas has been messing with computer since early childhood and firmly believes the Internet is the best thing since sliced bread. Enjoys playing with new tech, is fascinated by science, and passionate about financial markets. When not behind a computer, he can be found with running shoes on or lifting heavy weights in the weight room.

Loading Comments