A SECURITY FLAW found in the WPA/WPA2 security protocols could enable an attacker to easily crack WiFi passwords and compromise routers.
The security flaw was found accidentally by security researcher Jens Steube while he was testing the forthcoming WPA3 security protocol, in particular the differences between WPA2's Pre-Shared Key exchange process and WPA3's Simultaneous Authentication of Equals, which will replace it. Steube added that WPA3 will be much harder to attack because of this innovation.
In a technical blog posting, published over the weekend, Steube outlined how the attack works.
Most attack methods against WiFi networks involve waiting until a user connects, capturing information from the 'handshake' procedure between user and network, and then conducting a brute-force attack on the password.
Steube's attack method, though, doesn't require an end user. Instead, it targets the Robust Security Network Information Element of a single EAPOL frame.
"At this time, we do not know for which vendors or for how many routers this technique will work, but we think it will work against all 802.11i/p/q/r networks with roaming functions enabled (most modern routers)," wrote Steube.
It is not the first security flaw uncovered in WPA2. Wikipedia, for example, lists a series of security flaws that have been identified since WPA2 was introduced in September 2004. The most high-profile, perhaps, was the Key Reinstallation Attack, or KRACK attack, identified last year.
Neither WPA nor WPA2 provides forward secrecy, either, making pre-shared keys especially vulnerable.
WPA3 was announced in January. It uses 128-bit encryption in personal mode and 192-bit encryption in enterprise mode. It also replaces the Pre-Shared Key exchange process with Simultaneous Authentication of Equals and should, therefore, avoid the insecurity Steube uncovered in WPA2.