Collective Intelligence Podcast, Mathy Vanhoef on Dragonblood WPA3 Vulnerabilities


Manage episode 239482681 series 2084211
By Tyler Predale and Michael Mimoso. Discovered by Player FM and our community — copyright is owned by the publisher, not Player FM, and audio is streamed directly from their servers. Hit the Subscribe button to track updates in Player FM, or paste the feed URL into other podcast apps.

Security researcher Mathy Vanhoef discusses two new vulnerabilities he and colleague Eyal Ronen discovered in the Dragonfly cryptographic handshake in the WPA3 WiFi protocol. The vulnerabilities, nicknamed Dragonblood, are the continuation of research and additional security flaws in the protocol the two disclosed in April.

The bugs include side-channel timing attacks and downgrade attacks that allow a hacker to leak memory from a client connection to a wireless access point and decrypt passwords in offline dictionary attacks. The Dragonblood attacks bypass mitigations in WPA3 designed to blunt these types of offline attacks.

The vulnerabilities are design and implementation flaws that are being addressed by the WiFi Alliance. Vanhoef discusses his and Ronen's interactions with the group. He also looks back at the KRACK attack he developed three years ago against WPA2.

50 episodes