Home News Dragonfly lets hackers steal WPA3 Wi-Fi passwords

Dragonfly lets hackers steal WPA3 Wi-Fi passwords


The new Wi-Fi security protocol WPA3 is no longer secure. University researchers have discovered several new holes that enable hackers to steal Wi-Fi passwords.  No one has exploited these vulnerabilities yet, but it merits immediate patching.

The flaws in the WPA3 Wi-Fi authentication protocol were discovered by Mathy Vanhoef of New York University Abu Dhabi and Eyal Ronen of Tel Aviv University & KU Leuven.  They published the results of their research in a technical paper, available on Vanheof’s dedicated microsite. Vanhoef also discovered the KRACK vulnerability that affected WPA2 in 2017.

It may be recalled that the Wi-Fi Alliance launched WPA3 in June. It came in two flavors: WPA3-Personal, and WPA3-Enterprise.

The issues relate to WPA3-Personal which uses an authentication protocol called Simultaneous Authentication of Equals (SAE), also known as Dragonfly. A WPA3-Personal device uses it as a handshake mechanism to connect with other Wi-Fi-enabled devices.


Subscribe Now to receive Free Newsletter

* indicates required

By submitting this form, you are consenting to receive marketing emails from: EC-Council, 101 C Sun Ave. NE, Albuquerque, NM, 87109, http://www.eccouncil.org. You can revoke your consent to receive emails at any time by using the SafeUnsubscribe® link, found at the bottom of every email. Emails are serviced by Constant Contact