The Wi-Fi Alliance has announced WPA3, a new standard of Wi-Fi security features for users and service providers. This is welcome news, given that a W
The Wi-Fi Alliance has announced WPA3, a new standard of Wi-Fi security features for users and service providers. This is welcome news, given that a Wi-Fi exploit was uncovered late last year which affected all modern Wi-Fi networks using WPA or WPA2 security encryption, letting attackers eavesdrop on traffic between computers and wireless access points. The new WPA3 features will include “robust protection” when passwords are weak, and will also simplify security configurations for devices that have limited or no display interface.
“Wi-Fi security technologies may live for decades, so it’s important they are continually updated to ensure they meet the needs of the Wi-Fi industry,” said Joe Hoffman from consulting firm SAR Insight & Consulting in a statement. The Wi-Fi Alliance is made up of companies including Apple, Intel, and Microsoft. For those who work in coffee shops and often use public Wi-Fi, WPA3 will also have individualized data encryption that will strengthen privacy in open networks. While there aren’t further details about that tool, security researcher Mathy Vanhoef suggests that might refer to Opportunistic Wireless Encryption, or encryption without authentication.
- 192-bit security suite, aligned with the Commercial National Security Algorithm (CNSA) Suite from the Committee on National Security Systems.
- Individualized data encryption, so that hackers lurking on public Wi-Fi networks will find it more difficult to listen in on your wireless communications
- Anti brute-force dictionary attacks. WPA3 will protect against brute-force dictionary attacks, making it tougher for attackers near your Wi-Fi network to guess a list of possible passwords.
- WPA3 also enforces interaction with the network when a password is entered, signalling the hotspot or router that someone is trying to guess your password and enabling limits to be placed on the number of guesses.
- Permanent fix for “KRACK” for Key Reinstallation Attack.
WPA2 uses a four-way handshake that ensures the same password is being used by both clients and access points when they join a Wi-Fi network. Vanhoef told ZDNet that the WPA3 standard will use a new handshake, which won’t be vulnerable to dictionary attacks. Further, WPA3 will also feature a 192-bit security suite aligned with the Commercial National Security Algorithm (CNSA) Suite that will protect government, defense, and industrial networks that have higher security requirements. The new security features will be available later in 2018