The Wi-Fi Alliance launched WPA3 Protocol with offering of more resilient, and password-based authentication for WiFi users, even when they choose passwords that fall short of typical recommendations.
But the WPA3's Simultaneous Authentication of Equals (SAE) handshake, the secure key protocol between devices which ensure stronger protection against password guessing attempts by third parties has been reported to have a flaw that could allow hackers gain access to non-encrypted traffic between the device and the access point.
The report credited to security researchers, Mathy Vanhoef and Eyal Ronen, which they dubbed Dragonblood revealed that WPA3’s Simultaneous Authentication of Equals (SAE) handshake, known as Dragonfly, is susceptible to password partitioning attacks, with the possibilities of also breaking the encryption.
This flaw could be leveraged by an attacker to crack the WiFi users passwords or even get access to the encrypted traffic exchange taking place between the devices.
As the increase of transmission of sensitive information over the Wi-Fi connections has made it mandatory to secure this important gateway, the Wi-Fi Alliance has made a number of improvements to ensure stronger protections for the data exchanged between computers, phones or smart home devices.
The researchers promptly forwarded their findings to the Wi-Fi Alliance, and the organization worked closely with the security team to release a fix, which software patch will be made available through the regular software update for all devices.
It is highly recommended that all WiFi users should update their devices by installing the latest software patches as they are made available, so as to avoid becoming victims of password hack.