Dragonblood Flaws in WPA3 Allow Recovery of Wi-Fi Passwords
April 11, 2019 / Eduard Kovacs
A series of vulnerabilities discovered by researchers in the WPA3 protocol can allow an attacker to obtain the password of a Wi-Fi network. Officially launched in June 2018, the latest version of the Wi-Fi Protected Access (WPA) protocol is designed to provide better protection against offline dictionary attacks and password guessing attempts, improved security even when a less complex password is used, and forward secrecy to protect communications even if the password has been compromised. WPA3, for which Personal and Enterprise variants are available, will gradually replace WPA2, but it will likely take several years until it’s widely adopted. In the meantime, WPA2 will continue to be maintained and improved. Mathy Vanhoef of New York University Abu Dhabi and Eyal Ronen of Tel Aviv University and KU Leuven have analyzed WPA3, specifically its Simultaneous Authentication of Equals (SAE) handshake, which is commonly known as Dragonfly.