Technology 3 min read

Security Researchers Find WPA3 Vulnerabilities

madartzgraphics / Pixabay

madartzgraphics / Pixabay

WPA3 is not as secure as you may think it is.

Back in June 2018, the Wi-Fi Alliance released the WPA3 as a more secure successor to the WPA2. Like it’s predecessor, the new security protocol is designed to protect Wi-fi networks from intruders.

However, recent reports reveal that WPA3 is not the safety blanket we believe it to be.

Two security researchers – Mathy Vanhoef and Eyal Ronen -have identified vulnerabilities in the WPA3-Personal protocol. With this security flaw, not only would intruders be able to crack Wi-Fi passwords, but they’ll also have access to encrypted traffic sent between a user’s device.

But, how is this possible?

The Security Flaw in WPA3- Personal Protocol

Unlike its predecessor – with the Pre-shared Key (PSK), WPA3 comes with a secure method of authentication called Simultaneous Authentication of Equals (SAE).

Simply put, the new method of authentication provides a “dragonfly” handshake, which is supposed to make it nearly impossible to crack users password. And it works, but only in theory.

Now, here is the reality. WPA3 or not, an attacker within range of a victim can still collect the Wi-FI network’s password.

Attackers can abuse two security flaws – side channel leaks or downgrade attacks – to recover their victim’s password. Aside from the passwords, other sensitive information at risk includes emails, chat messages, and credit card numbers.

Some Wi-fi networks, which requires username and password, also use the Dragonfly handshake for access control – the EAP-pwd protocol. According to the security researchers, that may not be a good idea.

One of the security researchers said;

“Unfortunately, our attacks against WPA3 also work against EAP-pwd, meaning an adversary can even recover a user’s password when EAP-pwd is used.”

That means an attacker would be able to impersonate any user. And as a result, they can access the WI-FI password without knowing the user’s password.

What is Being Done to Fix It?

Wi-Fi Alliance released a statement to acknowledge the existence of security flaws.

According to the report, there’s no evidence that attackers have exploited the vulnerabilities yet. Also, users can solve security issues with a simple software update.

In the statement, the WiFi Alliance wrote;

“WPA3-Personal is in the early stages of deployment, and the small number of device manufacturers that are affected have already started deploying patches to resolve the issues.”

Update or not, the cybersecurity expert at ESET, Jake Moore believes it’s better to be safe than sorry.

You can either use a VPN or turn off the Wi-Fi and only plug in via ethernet, he said. This is exceptionally useful when transferring the most sensitive data.

Read More: New 3D-Printed Devices can Track Object use Without Wi-Fi or Batteries

First AI Web Content Optimization Platform Just for Writers

Found this article interesting?

Let Sumbo Bello know how much you appreciate this article by clicking the heart icon and by sharing this article on social media.

Profile Image

Sumbo Bello

Sumbo Bello is a creative writer who enjoys creating data-driven content for news sites. In his spare time, he plays basketball and listens to Coldplay.

Comment (1)
Most Recent most recent
  1. Profile Image
    Derrick Vanwyk April 21 at 12:01 pm GMT

    Try Ginger Now

    To leak confidential information such as password is a serious flaw.
    To leak confidential information such as a password is a serious flaw.

share Scroll to top

Link Copied Successfully

Sign in

Sign in to access your personalized homepage, follow authors and topics you love, and clap for stories that matter to you.

Sign in with Google Sign in with Facebook

By using our site you agree to our privacy policy.