The Current Flaws of WPA3 and What Needs to Be Fixed


If you’ve been keeping an eye on routers recently, you may have noticed that WPA3 functionality is rolling out across the world. Given that this is the next step up from the respected WPA2 standard, it’s easy to assume that WPA3 is even safer than WPA2.

Whether or not it’s strictly safer is up for debate, but one thing is true: it’s not impenetrable. As this new technology rolls out, researchers acting as white-hat hackers are finding ways to exploit it. So, are these flaws simply teething problems for WPA3, or are they a sign of something larger?

The Dragonblood Vulnerabilities


The main harpoon against WPA3’s defenses at the moment is the set of Dragonblood vulnerabilities. Recently, two new Dragonblood vulnerabilities have been found, adding to the five that came before them.

Exploit “CVE-2019-13377”

The first exploit occurs when a computer and a WPA3 router pair up with one another. WPA3 uses “Brainpool curves” to encrypt passwords, which isn’t as exciting as it sounds. It’s just a method of elliptic-curve cryptography, which helps encrypt data.

When WPA3 encodes the Wi-Fi password, it has to find a hash output that fits the Brainpool curve. However, it may not succeed on its first attempt; if this happens, it then tries again using a different method. The number of attempts (iterations) depends on the password used and the MAC address of the computer.

The problem is that hackers can see how many iterations a password goes through before a hash is found. They do this by looking at how long it takes for the password to get a hash output. For example, if one iteration takes five milliseconds and the hacker notes that it took fifteen milliseconds to create a hash, they can deduce that three iterations occurred.

With this knowledge, the hacker can assemble all the passwords that take three iterations to complete and brute-force the system with them. This severely reduces the pool of passwords a hacker needs to try to crack open a system.
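The leak described above can be seen in a toy model. This is an added example, not code from the article or from the Dragonblood researchers: the curve, prime, MAC addresses, password list and function names are all assumptions chosen for illustration, and it does not implement the real WPA3 derivation. It contrasts a loop that stops at the first success with one that always runs a fixed number of attempts.

```python
import hashlib

# Toy parameters (assumptions for illustration, not real Brainpool values).
P = 2**31 - 1            # small prime field; real curves use 256-bit or larger primes
A, B = P - 3, 7          # toy curve y^2 = x^3 + A*x + B (mod P)
STA, AP = "02:00:00:aa:bb:01", "02:00:00:aa:bb:02"   # constructed MAC addresses
CANDIDATES = [f"password{i}" for i in range(300)]     # constructed password list
REAL = "password123"                                  # constructed "real" password

def fits_curve(password, mac_sta, mac_ap, counter):
    """One attempt: hash the inputs and test whether the output is a valid x-coordinate."""
    digest = hashlib.sha256(f"{mac_sta}|{mac_ap}|{password}|{counter}".encode()).digest()
    x = int.from_bytes(digest[:4], "big")
    if x >= P:                                # hash output does not fit the field: retry
        return False
    rhs = (pow(x, 3, P) + A * x + B) % P
    return pow(rhs, (P - 1) // 2, P) == 1     # Euler's criterion: rhs has a square root

def iterations_needed(password, mac_sta, mac_ap, limit=255):
    """Leaky variant: stops at the first success, so run time tracks the password."""
    for counter in range(1, limit + 1):
        if fits_curve(password, mac_sta, mac_ap, counter):
            return counter
    raise RuntimeError("no valid point within limit")

def consistent_with(observed, candidates, mac_sta, mac_ap):
    """Candidates that an observed iteration count does NOT rule out."""
    return [pw for pw in candidates
            if iterations_needed(pw, mac_sta, mac_ap) == observed]

def fixed_iterations(password, mac_sta, mac_ap, rounds=40):
    """Hardened loop shape: always run `rounds` attempts and keep the first success.
    Returns (attempts_executed, counter_of_first_success or 0)."""
    found = 0
    for counter in range(1, rounds + 1):
        ok = fits_curve(password, mac_sta, mac_ap, counter)
        if ok and not found:
            found = counter
    return rounds, found

if __name__ == "__main__":
    observed = iterations_needed(REAL, STA, AP)
    left = consistent_with(observed, CANDIDATES, STA, AP)
    print(f"leaky loop: {observed} iterations, {len(left)}/{len(CANDIDATES)} candidates remain")
    counts = {fixed_iterations(pw, STA, AP)[0] for pw in CANDIDATES}
    print(f"fixed loop: attempt counts observed across all candidates = {counts}")
```

The fixed loop removes only the iteration-count signal; an implementation must also make each individual attempt take the same time regardless of its outcome.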

Exploit “CVE-2019-13456”

The second vulnerability is with FreeRADIUS’s EAP-pwd system. There isn’t much information on how it works exactly, but it has to do with the number of iterations FreeRADIUS can handle. If it requires more than ten iterations, it will abort the process. This leaks information to hackers, who can use it to work out the password.

How System-Intensive Are the Vulnerabilities?


These exploits require computer processing to complete. Cybersecurity experts sometimes gauge the intensity of the processing power using dollars. It sounds like a weird way to gauge intensity, but it makes sense; after all, computing power requires money to run, and the more expensive it is to crack a system, the less likely hackers will be to try it.

Unfortunately, the study concluded that it would only take one dollar of computing power to crack these new vulnerabilities. That means hackers can get onto your system for less than a cup of coffee in computing power cost!

Bad Blood

WPA3 is relatively new, and it’s already proving to have its fair share of problems. As such, it’s a good idea to hold off on adopting WPA3 for the time being. It’s best to wait for these problems to be ironed out before welcoming it into your home.

Does this put you off from buying a WPA3 router? Let us know below.

Simon Batt

Simon Batt is a Computer Science graduate with a passion for cybersecurity.
