Home News Dragonfly lets hackers steal WPA3 Wi-Fi passwords

Dragonfly lets hackers steal WPA3 Wi-Fi passwords

Patchwork BADNEWS, APT31 threat group

The new Wi-Fi security protocol WPA3 is no longer secure. University researchers have discovered several new holes that enable hackers to steal Wi-Fi passwords.  No one has exploited these vulnerabilities yet, but it merits immediate patching.

The flaws in the WPA3 Wi-Fi authentication protocol were discovered by Mathy Vanhoef of New York University Abu Dhabi and Eyal Ronen of Tel Aviv University & KU Leuven.  They published the results of their research in a technical paper, available on Vanheof’s dedicated microsite. Vanhoef also discovered the KRACK vulnerability that affected WPA2 in 2017.

It may be recalled that the Wi-Fi Alliance launched WPA3 in June. It came in two flavors: WPA3-Personal, and WPA3-Enterprise.

The issues relate to WPA3-Personal which uses an authentication protocol called Simultaneous Authentication of Equals (SAE), also known as Dragonfly. A WPA3-Personal device uses it as a handshake mechanism to connect with other Wi-Fi-enabled devices.