Attacks on WPA3

An attacker is less likely to succeed against a WPA3 network. WPA3 is hardened against the most common attacks that work on WPA2: SAE authentication produces a fresh PMK for every session, so capturing the 4-way handshake no longer allows an offline dictionary attack on the passphrase. Soon after WPA3 was released, security researchers nevertheless pointed out several vulnerabilities affecting it. Most of those affecting recent versions of WPA3 are now patched by vendors, but the downgrade attacks below remain relevant wherever transition mode is deployed.

Downgrade attacks on WPA3

WPA3 Transition Mode lets devices that do not support WPA3-SAE join the same SSID using WPA2-PSK.

The problem is that the WPA2-PSK clients use exactly the same passphrase as the WPA3-SAE clients.

Therefore, it is possible to capture the WPA2-PSK 4-way handshake of such a client and crack the passphrase offline; the recovered passphrase is also valid for the WPA3 side of the network.

We can also host a WPA2-PSK honeypot with the same SSID and wait for clients to connect to it. Since our rogue network advertises only WPA2-PSK, a client whose saved profile still allows WPA2 will authenticate with PSK, and we capture messages 1 and 2 of its 4-way handshake. The rogue AP does not need to know the passphrase: message 2 carries the client's SNonce and a MIC computed from the real passphrase, which together with our own ANonce is everything an offline cracker needs, even though the handshake then fails on our side.

We can identify a WPA3 network in transition mode by capturing traffic and inspecting the RSN information element of its Beacon frames in Wireshark. A transition-mode network lists both PSK (AKM suite 00-0F-AC:2) and SAE (AKM suite 00-0F-AC:8) in the AKM suite list, as in the image below. The RSN Capabilities field of the same element shows whether PMF is merely capable (MFPC) or required (MFPR); in transition mode it is typically capable but not required, which matters for the deauthentication step discussed further down.
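The same check done programmatically over raw Beacon bytes, as an added example that is not part of the original page. The three Beacon bodies at the bottom are constructed for the example rather than captured; the field layout (fixed fields, tagged parameters, RSN IE with its AKM suite list and RSN Capabilities) is the standard one Wireshark decodes, and the classification rule is the one described above (PSK and SAE together means transition mode).

```python
"""Added example (not part of the original page): detect WPA3 transition
mode from the RSN information element of a Beacon frame.

The Beacon bodies at the bottom are constructed for this example, not
captured from a real network.
"""
import struct

SSID_TAG = 0x00
RSN_TAG = 0x30
OUI_80211 = b"\x00\x0f\xac"
# Suite types under the 00-0F-AC OUI that matter for WPA2/WPA3 classification.
AKM_NAMES = {1: "802.1X", 2: "PSK", 6: "PSK-SHA256", 8: "SAE", 9: "FT-SAE", 18: "OWE"}
CIPHER_NAMES = {2: "TKIP", 4: "CCMP-128", 8: "GCMP-128", 9: "GCMP-256"}
MFPR_BIT, MFPC_BIT = 0x0040, 0x0080   # RSN Capabilities: PMF required / PMF capable


def _suite_name(raw: bytes, names: dict) -> str:
    oui, suite_type = raw[:3], raw[3]
    if oui != OUI_80211:
        return f"vendor({oui.hex()}:{suite_type})"
    return names.get(suite_type, f"type{suite_type}")


def parse_rsn_ie(payload: bytes) -> dict:
    """Parse an RSN IE payload (tag and length already stripped)."""
    (version,) = struct.unpack_from("<H", payload, 0)
    if version != 1:
        raise ValueError(f"unsupported RSN version {version}")
    off = 2
    group = _suite_name(payload[off:off + 4], CIPHER_NAMES)
    off += 4
    (count,) = struct.unpack_from("<H", payload, off)
    off += 2
    pairwise = [_suite_name(payload[off + 4 * i:off + 4 * i + 4], CIPHER_NAMES) for i in range(count)]
    off += 4 * count
    (count,) = struct.unpack_from("<H", payload, off)
    off += 2
    akms = [_suite_name(payload[off + 4 * i:off + 4 * i + 4], AKM_NAMES) for i in range(count)]
    off += 4 * count
    caps = 0
    if off + 2 <= len(payload):          # RSN Capabilities are optional
        (caps,) = struct.unpack_from("<H", payload, off)
    return {"group": group, "pairwise": pairwise, "akms": akms,
            "mfpc": bool(caps & MFPC_BIT), "mfpr": bool(caps & MFPR_BIT)}


def classify(rsn: dict) -> str:
    """PSK and SAE advertised together is the transition-mode signature."""
    akms = set(rsn["akms"])
    if "SAE" in akms and akms & {"PSK", "PSK-SHA256"}:
        return "WPA3 transition mode"
    if "SAE" in akms:
        return "WPA3-only"
    if akms & {"PSK", "PSK-SHA256"}:
        return "WPA2-PSK"
    return "other"


def parse_beacon_body(body: bytes) -> dict:
    """Walk the tagged parameters that follow the 12 fixed bytes of a Beacon
    body (timestamp 8, beacon interval 2, capability info 2)."""
    info = {"ssid": None, "rsn": None, "mode": "no RSN IE"}
    off = 12
    while off + 2 <= len(body):
        tag, length = body[off], body[off + 1]
        value = body[off + 2:off + 2 + length]
        if tag == SSID_TAG:
            info["ssid"] = value.decode("utf-8", "replace")
        elif tag == RSN_TAG:
            info["rsn"] = parse_rsn_ie(value)
            info["mode"] = classify(info["rsn"])
        off += 2 + length
    return info


def build_beacon_body(ssid: str, akm_types: list, caps: int) -> bytes:
    """Constructed test input: minimal Beacon body with CCMP-128 ciphers."""
    fixed = bytes(8) + struct.pack("<HH", 100, 0x0411)   # timestamp, interval, ESS+Privacy
    ssid_ie = bytes([SSID_TAG, len(ssid)]) + ssid.encode()
    rsn = struct.pack("<H", 1) + OUI_80211 + b"\x04"             # version 1, group cipher CCMP
    rsn += struct.pack("<H", 1) + OUI_80211 + b"\x04"            # one pairwise cipher, CCMP
    rsn += struct.pack("<H", len(akm_types)) + b"".join(OUI_80211 + bytes([t]) for t in akm_types)
    rsn += struct.pack("<H", caps)
    return fixed + ssid_ie + bytes([RSN_TAG, len(rsn)]) + rsn


# Constructed samples of what each deployment looks like on the air.
TRANSITION_BEACON = build_beacon_body("wpa3_ssid", [2, 8], MFPC_BIT)           # PSK + SAE, PMF optional
WPA3_ONLY_BEACON = build_beacon_body("wpa3_only", [8], MFPC_BIT | MFPR_BIT)   # SAE only, PMF required
WPA2_ONLY_BEACON = build_beacon_body("legacy", [2], 0)

if __name__ == "__main__":
    for body in (TRANSITION_BEACON, WPA3_ONLY_BEACON, WPA2_ONLY_BEACON):
        info = parse_beacon_body(body)
        pmf = "required" if info["rsn"]["mfpr"] else ("capable" if info["rsn"]["mfpc"] else "off")
        print(f'{info["ssid"]:12} AKMs={info["rsn"]["akms"]} PMF={pmf} -> {info["mode"]}')
```

To run it against a real capture, feed `parse_beacon_body` the management-frame body (everything after the 24-byte 802.11 header) of a Beacon or Probe Response; a network reporting PSK and SAE together with MFPC set but MFPR clear is the case where both the honeypot and, for non-PMF clients, the deauthentication step apply.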

Then we can create a WPA2-PSK honeypot with the following hostapd configuration file:

hostapd.conf
interface=wlan0
ssid=wpa3_ssid
hw_mode=g
channel=11
wpa=2
# hostapd rejects passphrases shorter than 8 or longer than 63 characters.
# The value itself does not matter: the rogue AP never needs the real
# passphrase to capture the client's handshake.
wpa_passphrase=doesnotmatter
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP

If the client negotiated PMF (802.11w) with the legitimate AP, our spoofed deauthentication frames are discarded, so the attacker has no choice but to wait for a client to connect to the fake AP on its own. Otherwise, a deauthentication attack can be used to push clients off the real AP so that they reconnect to ours.

Mitigation

Disable WPA3 transition mode and run two separate networks, one WPA2-PSK and one WPA3-only, with different passphrases: if both networks share the same passphrase, cracking the WPA2 handshake still yields the WPA3 credential.

Security Group Downgrade

Objective: create a WPA3 honeypot and force the client to choose a weaker security group.

As we control the honeypot access point, we can tell the supplicant that the AP does not support, for instance, group 21: the client's SAE Commit for group 21 is answered with status code 77 (unsupported finite cyclic group), and the supplicant retries with a weaker group such as group 19. A weaker group means a smaller elliptic curve (group 19 is NIST P-256, group 21 is NIST P-521) or, for the MODP groups, a smaller prime modulus p and subgroup order q. Even in a weaker group, recovering the passphrase from the SAE handshake itself remains computationally infeasible in practice; the downgrade matters because it steers the client onto a group that is weaker by design (such as the 1024-bit MODP group 22) or whose password-element derivation leaks through the side channels described below.

Side Channel Attacks

A side-channel attack exploits information leaked by an implementation rather than by the protocol itself; for example, the execution time, power consumption, electromagnetic emissions, temperature or even fan speed that can be observed from a system in action. In a timing-based side-channel attack on SAE, the attacker measures how long the AP (or client) takes to answer a Commit for different password guesses. That time is dominated by the "hunting and pecking" loop that converts the passphrase into a password element of the group. For the MODP (finite-field) groups, the number of iterations needed before a valid element is found depends on the password and the MAC addresses, so the response time reveals which iteration succeeded and lets the attacker discard candidate passwords offline. For elliptic-curve groups the loop always runs a fixed number of iterations (at least 40) and does not stop early, but an iteration whose hash output is not smaller than the curve's prime p is skipped and costs less time. With the Brainpool curves, whose p is far from a power of two, such skips are frequent and password-dependent, so the total time still leaks. With the NIST curves, whose p is extremely close to a power of two, skips practically never happen and the 40 iterations run in constant time, so the timing attack does not apply. The durable fix adopted later in WPA3 is the hash-to-element (H2E) method, which derives the password element without this loop at all.
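The loop structure that causes the leak, as an added example that is not part of the original page and not hostapd's code. It runs the hunting-and-pecking derivation in the leaky early-exit form and in a fixed-iteration form, and computes how often an iteration is skipped for the real P-256 and brainpoolP256r1 primes. The finite-field group is an assumed toy one (p = 100003, q = 2381, with q dividing p - 1) so that the loop runs instantly; real SAE groups use 1024- to 2048-bit MODP primes or elliptic curves, and the standard's KDF-Hash-Length expansion is simplified here to a single HMAC-SHA256 call.

```python
"""Added example (not part of the original page): the SAE "hunting and
pecking" password-element derivation in a leaky early-exit form and a
fixed-iteration form, plus the per-iteration skip probability of real curves.

ASSUMPTIONS: toy group (p = 100003, q = 2381, p - 1 = 42 * q) instead of a
real SAE group, and a simplified KDF for the pwd-seed -> pwd-value expansion.
"""
import hashlib
import hmac

TOY_P = 100003          # ASSUMPTION: toy prime modulus, bit length 17
TOY_Q = 2381            # ASSUMPTION: prime order of the subgroup, (p - 1) = 42 * q
K_ITERATIONS = 40       # 802.11 mandates at least k = 40 iterations for ECC groups

# Field primes of two real 256-bit curves (FIPS 186-4 P-256, RFC 5639
# brainpoolP256r1), used only to compare how often an iteration is skipped.
NIST_P256 = 0xFFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF
BRAINPOOL_P256R1 = 0xA9FB57DBA1EEA9BC3E660A909D838D726E3BF623D52620282013481D1F6E5377


def _pwd_value(mac_a: bytes, mac_b: bytes, password: bytes, counter: int, bits: int) -> int:
    """One step of hunting and pecking: pwd-seed, then a pwd-value of `bits` bits.
    pwd-seed = HMAC-SHA256(max(MAC)||min(MAC), password||counter) follows the
    standard; the expansion to pwd-value is a simplified KDF (ASSUMPTION)."""
    key = max(mac_a, mac_b) + min(mac_a, mac_b)
    pwd_seed = hmac.new(key, password + bytes([counter]), hashlib.sha256).digest()
    expanded = hmac.new(pwd_seed, b"SAE Hunting and Pecking", hashlib.sha256).digest()
    return int.from_bytes(expanded, "big") >> (256 - bits)


def derive_pwe_early_exit(mac_a, mac_b, password, p=TOY_P, q=TOY_Q):
    """Leaky variant: returns (PWE, iterations) and stops at the first valid
    element, so the response time reveals which iteration succeeded."""
    bits = p.bit_length()
    for counter in range(1, K_ITERATIONS + 1):
        value = _pwd_value(mac_a, mac_b, password, counter, bits)
        if value >= p:                       # not in the field: iteration skipped
            continue
        pwe = pow(value, (p - 1) // q, p)    # map into the order-q subgroup
        if pwe > 1:
            return pwe, counter
    return None, K_ITERATIONS


def derive_pwe_fixed(mac_a, mac_b, password, p=TOY_P, q=TOY_Q):
    """Hardened variant: always runs K_ITERATIONS rounds, does the expensive
    exponentiation even on skipped rounds, and keeps the first valid element,
    so the work done no longer depends on the password. (The final selection
    is still a Python branch; production code uses constant-time selects.)"""
    bits = p.bit_length()
    pwe = None
    for counter in range(1, K_ITERATIONS + 1):
        value = _pwd_value(mac_a, mac_b, password, counter, bits)
        in_field = value < p
        reduced = value if in_field else value % p   # dummy work when skipped
        candidate = pow(reduced, (p - 1) // q, p)
        if in_field and candidate > 1 and pwe is None:
            pwe = candidate
    return pwe, K_ITERATIONS


def skip_probability(p: int) -> float:
    """Probability that a uniformly random value of bit_length(p) bits is >= p,
    i.e. that a hunting-and-pecking iteration is skipped: negligible for the
    NIST primes (next to a power of two), about one third for brainpoolP256r1."""
    return 1.0 - p / 2 ** p.bit_length()


if __name__ == "__main__":
    ap, sta = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
    for pw in (b"password", b"hunter2", b"correct horse battery"):
        _, leaky_rounds = derive_pwe_early_exit(ap, sta, pw)
        _, fixed_rounds = derive_pwe_fixed(ap, sta, pw)
        print(f"{pw!r:28} early-exit rounds={leaky_rounds:2d}  fixed rounds={fixed_rounds}")
    print(f"skip probability P-256:           {skip_probability(NIST_P256):.2e}")
    print(f"skip probability brainpoolP256r1: {skip_probability(BRAINPOOL_P256R1):.3f}")
```

The early-exit round count is the quantity a timing attacker recovers from response times: for each candidate password in a dictionary the attacker runs the same loop offline and discards every candidate whose round count does not match what was measured for the victim's MAC addresses. The fixed variant reports the same element but always the same round count; the skip probabilities explain why the same fixed loop still leaks on Brainpool curves but not on NIST curves.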

Denial of Service Attack

Some networks might be vulnerable to denial-of-service attacks, especially when the chosen security group is relatively expensive to compute (for example group 21, NIST P-521). Each SAE Commit the AP receives costs it a password-element derivation and a scalar multiplication before the peer has proven anything, so an attacker can flood spoofed Commits from many random MAC addresses. If the number of clients trying to authenticate exceeds what the AP is able to handle, legitimate clients can no longer connect. SAE includes an anti-clogging token mechanism for this situation (once a threshold of pending handshakes is reached, the AP asks each requester to echo a token before it does any expensive work), which bounds the cost of blind flooding but still leaves the AP doing the work for attackers willing to complete the token round trip.
