Concretely, attackers can then read information that WPA3 was assumed to safely encrypt.
Our side-channel attacks target Dragonflys password encoding method.
The cache-based attack exploits Dragonflys hash-to-curve algorithm, and our timing-based attack exploits the hash-to-group algorithm.
Similar to dictionary attacks, the side-channel attacks are efficient and low cost, the researchers said.
Further, Cache-Based Side-Channel AttackCVE-2019-9494allows attackers to run unprivileged code on the victim machine.
It allows the attackers to determine which branch was taken in the first iteration of the password generation algorithm.
This allows an attacker to determine how many iterations were needed to encode the password.
Interestingly, a simple change to this algorithm would have prevented most of our attacks, the researchers say.
They are working with vendors to patch existing WPA3-certified devices.
The software updates do not require any changes that affect interoperability between Wi-Fi devices.
Users can refer to their unit vendors websites for more information, the Wi-Fi Alliance says in itspress release.
you might read more information about Dragonblood vulnerabilitieshere.
source: www.techworm.net
