WPA3 flaws bleed “dragonblood”

Avast Security News Team, 12 April 2019

Hailed as the super-secure Wi-Fi standard, WPA3 is not as bulletproof as experts claimed.

The Wi-Fi Alliance’s next-generation Wi-Fi security standard, WPA3, has shown design flaws that could allow cyberattackers to recover Wi-Fi passwords and steal sensitive information.

The five disclosed vulnerabilities are dubbed Dragonblood because they ultimately affect the Dragonfly protocol, an overhauled key exchange that its architects hailed as resistant to password-guessing attacks.

The vulnerabilities are part of an ensemble of attacks – a denial of service, two downgrade attacks, and two side-channel information leaks. Such vulnerabilities can be abused to steal sensitive transmitted data including credit card numbers, account passwords, emails, etc.

It seems WPA3 and the Mother of Dragons’ own Viserion share the same doomed fate.

Upgrades to Wi-Fi security are almost always driven by device compatibility rather than by improvements or innovation. With WPA2, passwords can be cracked by ‘listening’ to the 4-way handshake between a client and the access point. WPA3 (Wi-Fi Protected Access III) was released in haste just 15 months ago, after its predecessor was cracked open by the KRACK exploit. WPA3 is supposed to provide seamless protection against brute-force attacks on Wi-Fi network passwords.

The Wi-Fi Alliance, a nonprofit organization that certifies Wi-Fi standards and products, is working with router manufacturers and other vendors to patch existing WPA3-certified devices. The good news is that the Wi-Fi Alliance has stated that a software fix can correct the vulnerability, and that the fix won’t have any impact on the ability of devices to work together. The organization is also communicating implementation guidance to ensure vendors understand all security considerations.

Protect yourself from Wi-Fi network attacks

“While it may seem that someone connected to your Wi-Fi network is nothing to worry about, that’s far from the truth,” explains Luis Corrons, Avast security evangelist. “Once inside a network, attackers have access to devices that are not visible from the Internet. It is essential to use a tool, such as the Wi-Fi Inspector, which is included with Avast Free Antivirus, to have all of your devices accounted for and conveniently protected. If there is any known vulnerability or weak password in any of your devices, Wi-Fi Inspector will let you know so you can fix the issue.”

In addition, Corrons suggests the following tips:

  • Get the latest firmware from the manufacturer of your WPA3 router devices as soon as it is made available.

  • Use unique, strong passwords. Password managers are very helpful in managing all the complex, unique passwords you should be using.

  • To up your privacy, use a VPN, or virtual private network, which hides your online activities from everyone when you are on a Wi-Fi network.
