Back in January, the Wi-Fi Alliance released its next-gen WPA3 Wi-Fi security protocol.
Then, it was said to be impossible to crack, but it seems that things are not what they were expected to be.
WPA3 is reportedly flawed
The WPA3 did bring a massive update over WPA2 which is the current protocol that’s used by modern Wi-Fi networks.
Gizmodo reveals that researchers have published some new findings that show the WPA3 actually has some pretty severe design flaws that result in a high vulnerability level which leave it weak in front of similar attacks to the ones that plage the WPA2.
WPA3 was supposed to be very secure thanks to an encryption process that’s called the Dragonfly handshake.
This enhanced the current four-way handshake that’s used by WPA2 in order to validate devices which are trying to connect to a network.
But, unfortunately, it seems that this four-way handshake also includes a hash of users’ passwords.
In other words, anyone that’s close enough, such as a phone or laptop which is trying to connect to a network can easily crack that password if it’s too short or not too random.
SAE’s benefits
Gizmodo writes that “What made Dragonfly handshakes harder to crack was that it replaced WPA2’s pre-shared Key with Simultaneous Authentication of Equals (SAE).” The online publication also continues and explains in detail what this means.
Basically, the SAE gives you stronger password-based authentication, and it better protects against password guessing attempts.
There’s another benefit: it also supports forward secrecy which is a feature that is able to protect your data if your password is compromised at some point.
Gizmodo also writes that all these advantages “melt away in light of the relatively easy, low-cost attacks researchers hurled at WPA3.”
One issue is a “transition mode” that enables WPA3 devices to be backwards compatible with WPA2-only devices. Read more about the problems in the official blog post.
After finishing Theatrical Journalism at the Faculty of Theatre and Television in Cluj-Napoca, Rada reviewed movies, books, theatre pieces and she also wrote articles from the IT niche as a content editor for software producers. At the moment, she is working with various online advertising firms.