When the Wi-Fi Alliance released its next-generation WPA3 wifi security protocol last January, it was touted as being nigh impossible to crack. That made it a serious upgrade over WPA2, the current protocol used by modern wifi networks—including the one you’re probably reading this on. Except, researchers on Wednesday published findings that show WPA3 actually has several serious design flaws that leave it vulnerable to the same attacks that plagued WPA2.
To backtrack for a second, the main thing that was supposed to make WPA3 so secure was an encryption process called the ‘Dragonfly’ handshake. It improved on the current ‘four-way handshake’ used by WPA2 to validate devices trying to connect to a network. Unfortunately, the four-way handshake includes a hash of your password. That means that anyone close enough to, say, a phone or laptop trying to connect to a network can easily crack your password if it’s too short or not random enough.
What made the Dragonfly handshake harder to crack was that it replaced WPA2's pre-shared key with Simultaneous Authentication of Equals (SAE). If that reads like gobbledygook, all you really need to know is that SAE gives you stronger password-based authentication and better protects against password guessing attempts—even if your passwords aren’t long enough and don’t contain a mix of capital letters, symbols, and numbers. The other benefit of SAE was that it supports forward secrecy, a feature that protects your data if your password is compromised later on.
But these purported advantages sort of melt away in light of the relatively easy, low-cost attacks researchers hurled at WPA3. One of the highlighted problems is a “transition mode” that enables WPA3 devices to be backwards compatible with WPA2-only devices. In a blog post, the researchers explained that a hacker could create a rogue network and exploit the transition mode to force WPA3 devices to connect using WPA2. Then, the hacker could easily capture part of WPA2's four-way handshake and use brute force attacks to figure out the rest of the password. The researchers also found that on a Samsung Galaxy S10, they could force the device into using WPA2 even if it connected to a WPA3-only network.
This is troubling because it’ll be a while before all wifi networks are WPA3 compatible. In an email to Ars Technica, lead researcher Mathy Vanhoef said, “Since the first few years most networks will have to operate in WPA3-Transition mode to support both WPA2 and WPA3 simultaneously, this greatly reduces the advantage of WPA3.”
Dragonfly is also susceptible to timing-based side-channel leaks. Essentially, a hacker could measure how long it takes a password to be encoded and use that information to reverse engineer the password. In any case, the researchers noted both types of side-channel attacks are “efficient and low cost.” Basically, they’d cost less than $125 worth of Amazon EC2 computing resources.
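Dragonfly encodes the password as a curve point by trying candidate values until one fits, so the number of attempts (and the time taken) depends on the password. The Python model below is an added illustration, not code from the researchers or the Wi-Fi Alliance: it uses the real P-256 curve parameters but a simplified SHA-256 candidate derivation with constructed MAC addresses and passwords, and it compares the leaky early-exit loop with a fixed-iteration version.

```python
import hashlib

# NIST P-256: y^2 = x^3 - 3x + B (mod P). Candidate derivation below is a
# simplification for illustration, not the exact SAE key-derivation function.
P = 0xFFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF
B = 0x5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B
K = 40                                  # fixed round count for the hardened loop
MAC_A = bytes.fromhex("020000000001")   # constructed station address
MAC_B = bytes.fromhex("020000000002")   # constructed access-point address

def candidate(password, mac_a, mac_b, counter):
    data = mac_a + mac_b + password.encode() + bytes([counter])
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % P

def on_curve(x):
    rhs = (pow(x, 3, P) - 3 * x + B) % P
    return pow(rhs, (P - 1) // 2, P) == 1   # Euler's criterion: rhs is a square

def encode_variable(password, mac_a=MAC_A, mac_b=MAC_B):
    """Leaky: returns at the first valid x, so loop count varies per password."""
    for counter in range(1, 256):
        x = candidate(password, mac_a, mac_b, counter)
        if on_curve(x):
            return x, counter
    raise ValueError("no valid candidate found")

def encode_fixed(password, mac_a=MAC_A, mac_b=MAC_B, rounds=K):
    """Hardened: always runs `rounds` iterations and keeps the first valid x.
    Models loop count only; Python itself gives no constant-time guarantee."""
    found = None
    for counter in range(1, rounds + 1):
        x = candidate(password, mac_a, mac_b, counter)
        if on_curve(x) and found is None:
            found = x
    if found is None:
        raise ValueError("no valid candidate within fixed rounds")
    return found, rounds

def iteration_profile(passwords, encoder):
    """Map each password to the number of loop iterations the encoder ran."""
    return {pw: encoder(pw)[1] for pw in passwords}

if __name__ == "__main__":
    sample = [f"constructed-pw-{i}" for i in range(8)]   # constructed inputs
    print("early exit :", iteration_profile(sample, encode_variable))
    print("fixed loop :", iteration_profile(sample, encode_fixed))
```

Both functions return the same point for a given password; only the observable amount of work differs, and that difference is what a timing measurement picks up.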
What does all this mean? Long story short, WPA3 ain’t as secure as it was initially made out to be, and according to the study’s researchers, a lot of the vulnerabilities could have been avoided if the Wi-Fi Alliance had more outside input when developing WPA3. Another troubling issue the researchers pointed out is that fixing some of the side-channel issues won’t be easy. This all raises further questions about the future security of cheap Internet of Things devices, as manufacturers may not have the resources to implement the necessary fixes.
“In light of our presented attacks, we believe that WPA3 does not meet the standards of a modern security protocol,” the researchers wrote in their conclusion. “Finally, we believe that a more open process would have prevented (or clarified) the possibility of downgrade attacks against WPA3-Transition mode. Nevertheless, although WPA3 has its flaws, we still consider it an improvement over WPA2.”
On the upside, the Wi-Fi Alliance is aware of the researchers’ findings. In a release, the group wrote that “WPA3-Personal is in the early stages of deployment, and the small number of device manufacturers that are affected have already started deploying patches to resolve the issues.”
Hackers will always find a way. At least this time around, the vulnerabilities were spotted by the good guys, and subsequent patches rolled out from their findings could deter hackers from trying the same tricks. It also emphasizes how important it is to make sure your device’s firmware is up to date, and that if you aren’t already using a password manager, you should really, really get on that.