Two more vulnerabilities found in WiFi WPA3

Posted on Monday, Aug 05 2019 @ 13:51 CEST by Thomas De Maesschalck
WiFi logo
The WiFi Alliance developed WPA3 with better security in mind but it appears this isn't working out as planned as researchers once again found vulnerabilities in the protocol. In April, Mathy Vanhoef and Eyal Ronen discovered five vulnerabilities in WPA3, and now the two security researchers discovered another pair of security flaws in WPA3. Both vulnerabilities allow a brute-force attack on a WiFi network's password.

The findings were reported to the WiFi Alliance, which is now working on an update, which may lead to WPA 3.1. The security researchers blast the WiFi Alliance for its closed standards development process:
But besides just disclosing the two new Dragonblood vulnerabilities, the two researchers also took the chance to criticize the WiFi Alliance again for its closed standards development process that doesn't allow for the open-source community to contribute and prevent big vulnerabilities from making it into the standard in the first place.

"This demonstrates that implementing Dragonfly and WPA3 without side-channel leaks is surprisingly hard," the researchers said. "It also, once again, shows that privately creating security recommendations and standards is at best irresponsible and at worst inept."

About the Author

Thomas De Maesschalck

Thomas has been messing with computer since early childhood and firmly believes the Internet is the best thing since sliced bread. Enjoys playing with new tech, is fascinated by science, and passionate about financial markets. When not behind a computer, he can be found with running shoes on or lifting heavy weights in the weight room.

Loading Comments