New Ways to Hack WPA3 Protected WiFi Passwords
Recently a team of cyber security researchers uncovered two more flaws that could allow attackers to hack WiFi passwords. This team already discovered several vulnerabilities, collectively dubbed as Dragonblood in WPA3 WiFi security standard.
WPA has been designed with the purpose to authenticate wireless devices using the Advanced Encryption Standard (AES) protocol and also prevent hackers from eavesdropping on you wireless data.
WPA3 relies on a more secure handshake, called SAE (Simultaneous Authentication of Equals), which is also known as Dragonfly, that aims to protect WiFi networks against offline dictionary attacks.
However, in less than a year, security researchers Mathy Vanhoef and Eyal Ronen found several weaknesses (Dragonblood) in the early implementation of WPA3, allowing an attacker to recover WiFi password by abusing timing or cache-based side-channel leaks.
Shortly after that disclosure, the WiFi Alliance, the non-profit organization which oversees the adoption of the WiFi standard, released patches to address the issues and created security recommendations to mitigate the initial Dragonblood attacks
For more information on the New side-channel attack against WPA3 click on the link