WPA3 Will Save Our Wi-Fi! Uh, Yeah, Not So Fast…
Note: This article was originally published by the author on April 12, 2019.
Ever since the Wi-Fi Protected Access 2 (WPA2) protocol was found to be vulnerable to Key Reinstallation Attacks (KRACKs), which force nonce reuse, and the Wi-Fi Alliance approved and introduced WPA3 as a more secure replacement, many people have been anxiously awaiting the new protocol to regain confidence that their private Wi-Fi networks are once again secure from trivial attacks like KRACK.
The WPA3 protocol, however, is far from perfect, as new research has revealed. Researchers have found quite a few vulnerabilities in the protocol design and in its implementations, including hostapd and wpa_supplicant, “which can allow a remote attacker to acquire a weak password, conduct a denial of service, or gain complete authorization. These vulnerabilities have also been referred to as Dragonblood” (Vanhoef et al., 2019).
It now seems highly probable that the entire WPA3 protocol will have to be modified to address these vulnerabilities in its Dragonfly key exchange, otherwise known as Simultaneous Authentication of Equals (SAE), which replaced the Pre-Shared Key (PSK) protocol as the initial cryptographic key exchange method (Vanhoef et al., 2019).
Listing of known vulnerabilities:
CERT/CC Vulnerability Note VU#871675
Multiple vulnerabilities have been identified in WPA3 protocol design and implementations of hostapd and…
CVE-2019-9494: SAE cache attack against ECC groups (SAE side-channel attacks) — CWE-208 and CWE-524
The implementations of SAE in hostapd and wpa_supplicant are vulnerable to side-channel attacks as a result of observable timing differences and cache access patterns.
CVE-2019-9495: EAP-PWD cache attack against ECC groups (EAP-PWD side-channel attack) — CWE-524
The implementations of EAP-PWD in hostapd and wpa_supplicant are vulnerable to side-channel attacks as a result of cache access patterns. All versions of hostapd and wpa_supplicant with EAP-PWD support are vulnerable.
CVE-2019-9496: SAE confirms missing state validation — CWE-642
An invalid authentication sequence could result in the hostapd process terminating due to missing state validation steps when processing the SAE confirm message when in hostapd/AP mode. All versions of hostapd with SAE support are vulnerable.
CVE-2019-9497: EAP-PWD reflection attack (EAP-PWD missing commit validation) — CWE-301
The implementations of EAP-PWD in hostapd EAP Server and wpa_supplicant EAP Peer do not validate the scalar and element values in EAP-pwd-Commit.
CVE-2019-9498: EAP-PWD server missing commit validation for scalar/element — CWE-346
The implementations of EAP-PWD in hostapd EAP Server, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit.
CVE-2019-9499: EAP-PWD peer missing commit validation for scalar/element — CWE-346
The implementations of EAP-PWD in wpa_supplicant EAP Peer, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit.
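To make the "missing commit validation" entries (CVE-2019-9497 through CVE-2019-9499) concrete, the following added example shows the kind of checks a receiver applies to a peer's scalar and element before using them. It is not hostapd or wpa_supplicant code; the NIST P-256 group, the Element-then-Scalar payload layout, the exact rules (1 < scalar < r, point on curve, not a reflection) and the function names are assumptions of this sketch.

```python
# Added example: validate a received EAP-pwd-Commit on NIST P-256 (group 19).
# Assumed payload layout: Element (x || y, 32 bytes each) then Scalar (32 bytes).
P = 2**256 - 2**224 + 2**192 + 2**96 - 1  # field prime
A = P - 3
B = 0x5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B
R = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551  # group order r
GX = 0x6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296
GY = 0x4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5


def encode_commit(x: int, y: int, scalar: int) -> bytes:
    """Helper for building constructed test payloads."""
    return b"".join(v.to_bytes(32, "big") for v in (x, y, scalar))


def check_commit(received: bytes, sent: bytes) -> str:
    """Return "ok" or the reason the peer's commit must be rejected."""
    if len(received) != 96:
        return "bad length"
    # Reflection: the peer echoed back our own scalar and element.
    if received == sent:
        return "reflected commit"
    x, y, scalar = (int.from_bytes(received[i:i + 32], "big") for i in (0, 32, 64))
    if not 1 < scalar < R:
        return "scalar out of range"
    if x >= P or y >= P:
        return "coordinate out of range"
    # Affine coordinates cannot encode the point at infinity, and (0, 0) fails
    # this equation because B != 0. P-256 has cofactor 1, so being on the curve
    # also means being in the prime-order group.
    if (y * y - (x * x * x + A * x + B)) % P != 0:
        return "element not on curve"
    return "ok"


if __name__ == "__main__":
    # Constructed inputs: G and -G stand in for real commit elements.
    ours = encode_commit(GX, P - GY, 7)
    cases = {
        "valid": encode_commit(GX, GY, 2),
        "reflected": ours,
        "scalar = 1": encode_commit(GX, GY, 1),
        "scalar = r": encode_commit(GX, GY, R),
        "off-curve": encode_commit(GX, GY + 1, 2),
    }
    for name, payload in cases.items():
        print(f"{name:12} -> {check_commit(payload, ours)}")
```

Relying on the crypto library to reject bad points on import is exactly the dependency the CVE-2019-9498 and CVE-2019-9499 descriptions call out, which is why the checks are explicit here.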
The current solution to every one of these security vulnerabilities is to upgrade hostapd and wpa_supplicant to version 2.8, as Carnegie Mellon University’s Software Engineering Institute (CMU SEI) vulnerability note #871675 explains. For consumers purchasing Wi-Fi routers for small office/home office (SOHO) use, this means you’ll likely have to update the firmware on any new WPA3-compatible router. Models that haven’t made it to market yet will likely be patched before being sold, or the vendors will have to warn consumers that a firmware patch is required immediately upon device install.
The Wi-Fi Alliance maintains a list of product vendors with WPA3 compatible Wi-Fi routers here along with their certification dates:
The moral of the story here, folks, is a recurring theme in information security: we already know that perfect security is a myth. The truth about technology is that there will always be exploitable flaws, and the only recourse we have is to patch frequently and employ a defense-in-depth security strategy. The WPA3 protocol is not bad because it has flaws any more than SSL was bad due to Heartbleed. It’s the nature of the beast in this game.
Vanhoef, M., Ronen, E., Leuven, K.U., Malinen, J., Robinson, K. (2019, April 12). WPA3 design issues and implementation vulnerabilities in hostapd and wpa_supplicant: Vulnerability note VU#871675. Retrieved from https://www.kb.cert.org/vuls/id/871675/