Researchers have discovered a number of design flaws affecting the security of the recently introduced WPA3 data transmission protocol.
Collectively dubbed Dragonblood (because they affect WPA3’s Dragonfly handshake), they can be exploited to mount a DoS attack against a vulnerable access point or, more worryingly, to recover the password of a Wi-Fi network.
“Attackers can then read information that WPA3 was assumed to safely encrypt. This can for example be abused to steal sensitive information such as credit cards, passwords, chat messages, emails, and so on, if no extra protection such as HTTPS is used,” the researchers, Mathy Vanhoef and Eyal Ronen, noted.
