author: Frozen
Security Gap in WPA3 Protocol Can Be Hacked for $125
A security gap was detected in Wi-Fi Protected Access 3 (WPA3) wireless protocol, which enables hackers to easily crack users' password. The method is quick and cheap - launching an attack using it costs $125.
- According to recent studies, the WPA3 protocol has a serious security gap;
- It enables hackers to quickly and cheaply crack a user password;
- The protocol makers are questioning the results of the research.
Two researchers, Mathy Vanhoef and Eyal Ronen, published a joint scientific paper entitled Dragonblood proving that the SAE (Simultaneous Authentication of Equals) method, commonly known as Dragonfly, used in WPA3 protocol, is highly susceptible to attacks aimed at obtaining user passwords. You can break the protocol using the dictionary method, i.e. by entering all possible combinations of passwords until you finally find the right one. With the right software and power reserves from Amazon EC2, the whole operation becomes simple and quick, at a cost of $125.
WPA3 is an encryption standard designed to replace the popular wireless network protocol WPA2. The Wi-Fi Alliance introduced it because its predecessor had a serious security vulnerability allowing hackers to launch KRACK (Key Reinstallation Attacks) attacks, allowing them to connect to someone else's network in order to monitor data transmissions.
Researchers believe that WPA3 does not meet the standards of a modern security protocol. The Wi-Fi Alliance refutes these allegations, claiming that the problems presented only occur in a limited number of early WPA3 implementations and that all the shortcomings can be easily corrected by updating the software. The organization also believes that there is no evidence that anyone is actually exploiting the gap.