A new study by researchers Mathy Vanhoef and Eyal Ronen revealed five vulnerabilities – collectively named ‘Dragonblood’ – in the WPA3 Wi-Fi standard. Four of the five are considered a severe threat to online security. What does this teach us about trust in our networks?
WPA3 (Wi-Fi Protected Access 3) is the latest generation of Wi-Fi security certification developed by the Wi-Fi Alliance. Building on the widespread success and adoption of WPA2, the succeeding technology was announced late in 2018 and heralded as the market’s “next cutting-edge security protocol”.
WPA3 adds a range of new features aimed at simplifying Wi-Fi security, including more robust authentication, increased cryptographic strength, and more resilient networks. The new standard retains interoperability with WPA2 devices, and while currently optional, it will eventually become obligatory in line with market adoption.
Though WPA3 was designed to provide stronger privacy and security protections for personal and enterprise users, several design flaws have already been reported.
Researchers have detailed a set of side-channel and downgrade attacks that would allow an attacker to compromise Wi-Fi networks equipped with WPA3 protection. The research duo has named these vulnerabilities “Dragonblood” with reference to the ‘Dragonfly’ handshake WPA3 uses to establish secure communication between two devices.
The Wi-Fi Alliance future security assessing vulnerabilities