Information Security Newspaper | Hacking News (https://www.securitynewspaper.com/)

DragonBlood, a set of vulnerabilities that affect WiFi WPA3 standard
https://www.securitynewspaper.com/2019/04/11/dragonblood-a-set-of-vulnerabilities-that-affect-wifi-wpa3-standard/
Thu, 11 Apr 2019 19:22:26 +0000

Penetration testing course specialists from the International Institute of Cyber Security (IICS) report the discovery of a set of vulnerabilities, dubbed DragonBlood, that affect WPA3, the latest WiFi authentication and connection security standard released by the WiFi Alliance.

If exploited, these vulnerabilities could allow an attacker located within range of a WiFi signal to obtain the network password or infiltrate the potential victim's systems.

According to the penetration testing course specialists, DragonBlood consists of five different vulnerabilities:

  • A denial-of-service (DoS) attack vulnerability
  • Two side channel information leak errors
  • Two errors that allow downgrade attacks

Although the DoS attack has not been considered highly risky, because it only works against WPA3-compatible access points, the other four vulnerabilities can be used to retrieve sensitive user information, such as passwords. These four attacks exploit flaws in the design of the Dragonfly key exchange in the WPA3 standard, a mechanism used to authenticate a router or access point.

In the downgrade attack, hackers can force a WPA3 WiFi network to use older and less secure key exchange systems; because of this, attackers can recover passwords by exploiting old vulnerabilities.

On the other hand, in the side-channel information leak attacks, networks with WiFi WPA3 support can trick a device into using less secure algorithms, so that small amounts of information about the network password are leaked; repeating this process enough times allows the password of a WiFi network to be recovered completely.

According to the penetration testing course specialists, the set of DragonBlood vulnerabilities also impacts the Extensible Authentication Protocol (EAP-pwd) supported by the WPA and WPA2 standards. “This vulnerability allows hackers to impersonate any user and therefore access the WiFi network, without knowing the legitimate user’s password”.

Shortly after receiving the vulnerability report, WiFi Alliance announced that the fixes for these vulnerabilities would be available as soon as possible. “All these problems are solvable using software updates, no need to fix the devices”, said WiFi Alliance in a statement.

A new WiFi hacking method for WPA/WPA2
https://www.securitynewspaper.com/2018/12/11/a-new-wifi-hacking-method-for-wpa-wpa2/
Tue, 11 Dec 2018 00:39:46 +0000

A specialist has found a new way to crack passwords on most modern routers

The cybersecurity and digital forensics expert Jens “Atom” Steube, who is known for having developed Hashcat, the popular password cracking tool, returns to the scene with a new WiFi hacking method that allows finding the password for most currently used routers.

According to reports of specialists in digital forensics from the International Institute of Cyber Security, this attack technique works against the wireless network protocols WPA/WPA2 with roaming functions based on Pairwise Master Key identifier (PMKID) enabled. Steube discovered this attack variant while conducting an investigation related to the security protocol WiFi WPA3.

The technique allows attackers to retrieve Pre-Shared Keys (PSK) and use them to hack the targeted WiFi network, thus accessing the victim’s Internet traffic data.

However, it differs from other WiFi hacking techniques: this attack does not require capturing a four-way Extensible Authentication Protocol over LAN (EAPOL) authentication handshake. According to specialists in digital forensics from the International Institute of Cyber Security, this attack is carried out on the Robust Security Network Information Element (RSN IE), using a single EAPOL frame after requesting it from the access point.

“This attack variant was discovered incidentally while we were looking for ways to attack the new WPA3 security standard. On the other hand, hacking this new standard would be much more complex because of its modern key-setting protocol known as Simultaneous Authentication of Equals (SAE),” the expert mentioned.

According to Steube, the main difference between this new method and the rest of the known attacks is that this attack does not require the capture of the complete EAPOL handshake, because “it is done in the RSN IE element of a single EAPOL frame”.

The RSN protocol allows you to establish secure communications over 802.11 wireless networks. It uses the PMKID key to establish a connection between a client and an access point. According to the expert’s report, the attack is carried out as follows:

  • Run hcxdumptool to request the PMKID from the access point and return the frame received as a file (in pcapng format)

$ ./hcxdumptool -o test.pcapng -i wlp39s0f3u4u5 --enable_status

  • Run the hcxpcaptool tool to convert the captured data from the pcapng format to a hash format accepted by Hashcat

$ ./hcxpcaptool -z test.16800 test.pcapng

  • Start the Hashcat cracking tool (v 4.2.0 or higher versions) and crack the hash. The hash mode we need to use is 16800

$ ./hashcat -m 16800 test.16800 -a 3 -w 3 '?l?l?l?l?l?lt!'

This will recover the password of the victim’s WiFi network. Steube points out that he does not know exactly how many routers this attack works against, but he believes that the attack could be functional against all WiFi 802.11i/p/q/r networks with roaming capabilities enabled. “In other words, the attack would work against most modern routers,” adds Steube.

Wi-Fi Alliance announces WPA3
https://www.securitynewspaper.com/2018/01/10/wi-fi-alliance-announces-wpa3/
Wed, 10 Jan 2018 13:07:41 +0000

The Wi-Fi Alliance announced the WPA3 standard officially on Monday. The new wireless network security standard will replace WPA2 eventually.

WPA2, which stands for Wi-Fi Protected Access 2, is the current security standard for wireless networks.

Practically any device — smartphones, routers, laptops, IoT devices — with wireless connectivity supports the nearly 2-decade-old standard. Security researchers discovered a vulnerability in WPA in October 2017. KRACK, Key Reinstallation Attacks, works against all WPA2-protected Wi-Fi networks and can be abused to steal sensitive information and other data.

Features of WPA3

The press release that the Wi-Fi Alliance put out on Monday reveals four new features of WPA3. Three of the features improve security significantly.

The first introduces individualized data encryption. It resolves a long-standing issue of open WiFi networks by encrypting connections between devices on the network and the router individually. This blocks any other connected device from snooping on or manipulating traffic of other devices connected to the same network.

The press release lacked further information but it could be that Opportunistic Wireless Encryption is used for the feature.

With OWE, the client and AP perform a Diffie-Hellman key exchange during the access procedure and use the resulting pairwise secret with the 4-way handshake instead of using a shared and public PSK in the 4-way handshake.

OWE requires no special configuration or user interaction but provides a higher level of security than a common, shared, and public PSK. OWE not only provides more security to the end user, it is also easier to use both for the provider and the end user because there are no public keys to maintain, share, or manage.

The second improvement protects the wireless network better against brute-force attacks. Brute-force attacks try different passwords, often by using dictionaries of common passwords, to get into the system.

WPA3 features anti-brute-force protection. Requests will be blocked after the system notices several failed authentication attempts.

The third security-related improvement is an improved cryptographic standard.

Finally, a 192-bit security suite, aligned with the Commercial National Security Algorithm (CNSA) Suite from the Committee on National Security Systems, will further protect Wi-Fi networks with higher security requirements such as government, defense, and industrial.

No information other than that it is a 192-bit security suite was revealed.

Finally, WPA3 supports a new configuration feature that makes the configuration of devices without screens easier. Basically, it enables users to set up WPA3 options on a device using another device.

WPA3-certified devices are expected to become available later this year. Bleeping Computer had a chance to talk to Mathy Vanhoef, the researcher who discovered the KRACK attack on WPA2. He told Bleeping Computer that Linux’s open source Wi-Fi client and access point support the improved handshake already, but that it has not been used in practice.

The Wi-Fi Alliance will continue to deploy WPA2 in Wi-Fi Certified devices. Devices that support WPA3 will work with WPA2 devices.

Source: https://www.ghacks.net/2018/01/09/wi-fi-alliance-announces-wpa3/
