New Wi-Fi WPA3 security could be just as vulnerable to password hacks as WPA2

The vast majority of people out there don't know much about network security, if at all, but thankfully there are talented groups and individuals out there who are on constant lookout for flaws and vulnerabilities. Each security protocol we've seen has had some kind of issue (sometimes crippling), but the still-young Wi-Fi Protected Access protocol version 3, aka WPA3, remains vulnerable to attack, thanks to some pretty serious design flaws.

In a paper titled Dragonblood: A Security Analysis of WPA3’s SAE Handshake, authors Mathy Vanhoef and Eyal Ronen disclose and discuss elements of WPA3 that in some cases, ironically, leave it vulnerable to many of the same types of attacks that plagued its predecessor, WPA2. Previously, WPA2 relied on a four-way handshake, the means by which it authenticated devices. This handshake contains a hash of the network password, leaving it open to cracking (trivially easy in the cases of common or weak ones) if exposed or intercepted.

One of the great things with WPA3 is that capable devices are backwards-compatible with older ones that don't support it, thanks to the WPA3-Transition mode. However, this transitory process can be exploited. Since it allows for networks to support both WPA3 and WPA2 using the same password, an attacker can create a rogue WPA2 network with same SSID as the original. Client devices in the transition mode will then connect to the rogue network using WPA2, leaving the handshake exposed. The authors tested this with a variety of devices and found that this attack works on, among others, the Galaxy S10.