Back in October 2017, researchers disclosed a serious vulnerability in the WPA2 protocol that is used on all major Wi-Fi connections. The insecurity, known as KRACK, allowed attackers within range of an unpatched device to intercept sensitive data such as passwords, emails and bank details assumed to have been encrypted.
This fundamentally undermines wireless security which is simply unacceptable as almost all devices now connect wirelessly to the internet.
So, after a 14 year long wait, Wi-Fi Alliance, the official certifying body of Wi-Fi devices, has finally announced the details of a new security standard, WPA3, and, new improvements to the existing protocol, WPA2.
Improvements to WPA2
To continue the delivery of strong security defences for Wi-Fi users, a number of configuration, authentication and encryption improvements have been implemented.
The first is the imposed adoption of Protected Management Frames (PMF) on all ‘Wi-Fi CERTIFIED’ devices. The adoption of PMF will enhance the security on the unicast and multicast management action frames. This enhanced security will protect the management frames from malicious attacks such as eavesdropping attacks like KRACK and spoofing.
The second improvement aims to reduce potential security breaches that can be caused by the misconfiguration of certified wireless devices. To ensure this, Wi-Fi Alliance are enforcing vendors to do regular checks on certified devices and ensure that devices are operating at a Wi-Fi security best practice level.
The final enhancement to WPA2 is to standardise the 128-bit cryptographic suite for better network security.
It’s been long-awaited but its almost here! Over the course of 2018, four new major capabilities for Wi-Fi networks will appear as part of the Wi-Fi CERTIFIED WPA3. The new Wi-Fi security protocol which will supersede WPA2 in the future aims to simplify device security and bring robust protection.
At present, an attacker can attempt to guess a router password as many times as they wish though brute force and dictionary attacks. Currently, if you have a weak password that contains no numbers or special characters, it will only take a short amount of time for a hacker to guess the password. To prevent such incidents from happening, one of the four new capabilities of WPA3 is a new handshake that limits the amount of times you can guess a password incorrectly – unsuccessful password attempts are automatically tracked by the new protocol.
Another new feature of WPA3 is individualised data encryption for each user in order to strengthen privacy when using an open network. The new protocol intends to encrypt the communication between a user and an open wireless device in a public environment. Currently, if you’re connecting to an open Wi-Fi device in a public place such as a hotel or a coffee shop, you have to use something like a VPN to encrypt your traffic through a tunnel first to prevent an attacker from listening in to the connection.
The new WPA3 will come with much stronger encryption, it will use a 192- bit key length as opposed to the 128-bit that is currently used in WPA2. This new feature will be aligned with Commercial National Security Algorithm (CNSA) Suite and aims to further secure Wi-Fi devices with increased security requirements such as for government, industrial and defence use.
The final feature of WPA3 makes it a lot easier for devices with limited or no screen display such as IoT devices to connect to a Wi-Fi hotspot.
As it stands, WPA3 looks to be a great improvement for Wi-Fi security, not only for organisations but for individuals too. However, for the foreseeable future WPA2 will still be deployed in Wi-Fi CERTIFIED devices.
This all means that after falling somewhat behind in security wireless should have caught up. However, until the new standard is out in the wild and researchers and security folk have had a chance to get our hands on it we will not know exactly how secure it is. Fingers crossed!
If you’d like to conduct a Wireless security assessment of your current Wi-Fi network get in touch.
For advice on how Commissum can work with your organisation for improved wireless security assurance, get in touch!