The new Wi-Fi security protocol WPA3 is no longer secure. University researchers have discovered several new holes that enable hackers to steal Wi-Fi passwords. No one has exploited these vulnerabilities yet, but it merits immediate patching.
The flaws in the WPA3 Wi-Fi authentication protocol were discovered by Mathy Vanhoef of New York University Abu Dhabi and Eyal Ronen of Tel Aviv University & KU Leuven. They published the results of their research in a technical paper, available on Vanheof’s dedicated microsite. Vanhoef also discovered the KRACK vulnerability that affected WPA2 in 2017.
It may be recalled that the Wi-Fi Alliance launched WPA3 in June. It came in two flavors: WPA3-Personal, and WPA3-Enterprise.
The issues relate to WPA3-Personal which uses an authentication protocol called Simultaneous Authentication of Equals (SAE), also known as Dragonfly. A WPA3-Personal device uses it as a handshake mechanism to connect with other Wi-Fi-enabled devices.