ICT Security-Sécurité PC et Internet

Dragonblood: Neue Lücken in WLAN-Verschlüsselung WPA3 könnten WPA3.1 nötig machen
Während Gerätehersteller fleißig das löchrige WPA3 in Produkte integrieren, sieht es so aus, als ob neue Lücken eine nicht-kompatible Version 3.1 nötig machen.

Das Schlüsselaustausch-Protokoll von WPA3 ist nach der Insekten-Ordnung der Libellen benannt (englisch: dragonfly). (Bild: Pixabay )

Im April hatten die beiden Sicherheitsforscher Mathy Vanhoef und Eyal Ronen ernste Sicherheitslücken in der Passwörtprüfung des neuen WLAN-Sicherheitsstandards WPA3 entdeckt und Dragonblood getauft. Vanhoef war mit der Entdeckung des KRACK-Angriffs auf WPA2 im Jahr 2017 überhaupt erst dafür verantwortlich gewesen, dass die Standardisierungsorganisation Wi-Fi Alliance den WPA3-Standard entwickelt hatte.

Nun sieht es so aus, als könnten durch Vanhoef und Ronen neu veröffentlichte Dragonblood-Lücken dafür sorgen, dass ein WPA3.1 aus der Taufe gehoben werden muss. Diese neue Version des Sicherheits-Standards wäre nicht abwärtskompatibel zu WPA3.

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/securite-pc-et-internet/?&tag=WiFi

 

https://www.scoop.it/topic/securite-pc-et-internet/?&tag=WPA3

 

https://www.scoop.it/topic/securite-pc-et-internet/?&tag=Dragonblood

 

A new way to compromise the WPA/WPA2 security protocols has been accidentally discovered by a researcher investigating the new WPA3 standard.

The attack technique can be used to compromise WPA/WPA2-secured routers and crack Wi-Fi passwords which have Pairwise Master Key Identifiers (PMKID) features enabled.

Security researcher and developer of the Hashcat password cracking tool Jens "Atom" Steube made the discovery and shared the findings on the Hashcat forum earlier this month.

At the time, Steube was investigating ways to attack the new WPA3 security standard. Announced in January by industry body the Wi-Fi Alliance, WPA3 is the latest refresh of the Wi-Fi standard.

WPA3 aims to enhance user protection, especially when it comes to open Wi-Fi networks and hotspots commonly found in public spaces, bars, and coffee shops. The new standard will utilize individualized data encryption to scramble connections -- as well as new protections against brute-force attempts to crack passwords.

However, the aging WPA2 standard has no such protection.

 

Learn more / En savoir plus / Mehr erfahren:

 

https://gustmees.wordpress.com/2013/05/27/dangers-of-wifi-in-public-places/

 

https://www.scoop.it/t/securite-pc-et-internet/?&tag=WiFi

 

Earlier this year in April, two security researchers disclosed details about five vulnerabilities (collectively known as Dragonblood) in the WiFi Alliance's recently launched WPA3 WiFi security and authentication standard.

Yesterday, the same security researchers disclosed two new additional bugs impacting the same standard.

The two researchers -- Mathy Vanhoef and Eyal Ronen -- found these two new bugs in the security recommendations the WiFi Alliance created for equipment vendors in order to mitigate the initial Dragonblood attacks.

Just like the original Dragonblood vulnerabilities from April, these two new ones allow attackers to leak information from WPA3 cryptographic operations and brute-force a WiFi network's password.

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/securite-pc-et-internet/?&tag=WiFi

 

https://www.scoop.it/topic/securite-pc-et-internet/?&tag=WPA3

 

https://www.scoop.it/topic/securite-pc-et-internet/?&tag=Dragonblood

 

 

Wi-Fi devices have been using the same security protocol for over a decade. But today, that’ll begin to change: the Wi-Fi Alliance, which oversees adoption of the Wi-Fi standard, is beginning to certify products that support WPA3, the successor to the WPA2 security protocol that’s been in use since 2004.

The new protocol provides a number of additional protections for devices connected over Wi-Fi. One big improvement makes it harder for hackers to crack your password by guessing it over and over again, and another limits what data hackers can see even once they’ve uncovered the passcode. Nothing will change as far as users see it; you’ll still just type in your password and connect to the network.

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/securite-pc-et-internet/?&tag=WiFi

 

https://www.scoop.it/t/securite-pc-et-internet/?&tag=WPA2