WPA3 Wi-Fi Standard Affected by New Dragonblood Vulnerabilities

[silversurfer]

Security researchers discovered new vulnerabilities in the WPA3-Personal protocol which allow potential attackers to crack Wi-Fi network passwords and get access to the encrypted network traffic exchanged between the connected devices.
 
According to a press release from the Wi-Fi Alliance, the devices impacted by these security vulnerabilities in the WPA3 Wi-Fi standard "allow collection of side channel information on a device running an attacker’s software, do not properly implement certain cryptographic operations, or use unsuitable cryptographic elements."
 
WPA3 uses Wi-Fi Device Provisioning Protocol (DPP) instead of shared passwords to sign up new devices to the network, a protocol which allows users to scan QR codes or NFC tags to log devices onto the wireless network. Additionally, unlike WPA2, all network traffic will be encrypted after connecting to a network which uses WPA3 WiFi Security.
 
The WPA3-Personal protocol replaces the Pre-shared Key (PSK) in WPA2-Personal with Simultaneous Authentication of Equals (SAE) to provide more robust password-based authentication.

SOURCE: https://www.bleepingcomputer.com/news/se...abilities/