DragonBlood WPA3 vulnerabilities discovered

DragonBlood WPA3 vulnerabilities

The Wi-Fi Alliance® issued a security update confirming the discovery of vulnerabilities in WPA3-Personal by security researchers. The vulnerabilities collectively dubbed “DragonBlood” is based on the underlying Dragonfly handshake used by WPA3.

WPA3 is a newer security protocol that brings improved authentication and encryption to wireless networks at home and the enterprise. The Wi-Fi Alliance introduced “Wi-Fi CERTIFIED WPA3” officially just last June.

WPA3-Personal includes a more resilient and secure password-based authentication and key establishment protocol, Simultaneous Authentication of Equals (SAE). SAE helps provide stronger protections between devices and for users against password guessing attempts by attackers or third parties.

An excerpt of the Wi-Fi Alliance security advisory published on April 10th:

“Recently published research identified vulnerabilities in a limited number of early implementations of WPA3™-Personal, where those devices allow collection of side channel information on a device running an attacker’s software, do not properly implement certain cryptographic operations, or use unsuitable cryptographic elements. WPA3-Personal is in the early stages of deployment, and the small number of device manufacturers that are affected have already started deploying patches to resolve the issues. These issues can all be mitigated through software updates without any impact on devices’ ability to work well together. There is no evidence that these vulnerabilities have been exploited.”

Security researchers, Mathy Vanhoef and Eyal Ronen, discovered the DragonBlood WPA3 vulnerabilities and described the threat in a recent blog post:

“Unfortunately, we found that even with WPA3, an attacker within range of a victim can still recover the password of the network. This allows the adversary to steal sensitive information such as credit cards, password, emails, and so on, when the victim uses no extra layer of protection such as HTTPS.”

The researchers lumped the flaws into two primary categories. One of the categories consists of downgrade attacks against WPA3-capable devices. The second category consists of WPA3 Dragonfly handshake weaknesses (also known as the Simultaneous Authentication of Equals (SAE) handshake in the Wi-Fi standard).

At least seven different vulnerabilities were listed in the Wi-Fi Alliance April security advisory:

  • CERT case ID: VU#871675
  • CVE-2019-9494
  • CVE-2019-9495
  • CVE-2019-9496
  • CVE-2019-9497
  • CVE-2019-9498
  • CVE-2019-9499

Vanhoef added that CVE-2019-9494 is related to both timing-based and cache-based side-channel attacks against WPA3’s Dragonfly handshake.

The US-CERT advisory (VU#871675) relates to a downgrade attacks and another resource consumption attack that can be used against WPA3’s Dragonfly handshake. Another of the downgrade attacks could be launched against WPA3-Transtition mode, which could lead to dictionary attacks.

The researchers coordinated the responsible disclosure with the Wi-Fi Alliance and CERT/CC. This close collaboration allowed the timely notification to all impacted vendors so they could deploy updates to devices as soon as possible to address the WPA3 vulnerabilities.

Users of WPA3 compatible devices should check with their vendors for the latest updates.