The “dragonfly handshake”—a nickname for a wi-fi security protocol thought to provide strong protection from hacking—may not be as firm as previously thought. Two security researchers, Mathy Vanhoef of NYU Abu Dhabi and Eyal Ronen of Tel Aviv University, have found that the WPA-3 protocol can indeed by breached, despite claims that its method of authentication, called Simultaneous Authentication of Equals (SAE), would make passwords almost impossible to crack. The researchers, who won a Pwnie Cryptography Award in 2019 and garnered press coverage in Forbes Magazine, ZDNet, and others, identified “severe vulnerabilities in all implementations,” and revealed “side-channels that enable offline dictionary attacks.” Vanhoef, who is affiliated with the Center for Cybersecurity at NYU Abu Dhabi, and his colleague recently presented a paper on this work at the IEEE Security and Privacy Conference, one of five CCS-affiliated presentations delivered at the 2020 S&P Conference.
Leave a Reply