WiFi Alliance Announces Upcoming Fixes to WPA2 10 Comments by Brian Benchoff
10 January, 2018, 09:29
The next generation of WiFi or Wireless Local Area Network (WLAN) equipped broadband ISP routers and devices will benefit from a new security protocol called Wi-Fi Protected Access III (WPA3), which should eventually replace the WPA2 standard that has helped to keep networks encrypted since 2004. It isn't, however, entirely ideal: The Key Reinstallation Attack (KRACK), publicly released in October previous year, exposed vulnerabilities within the standard which allow for the capture and decryption of supposedly protected traffic, packet replay and injection, and connection hijacking.
The Wi-Fi Alliance will continue to deploy WPA2 in Wi-Fi Certified devices.
You'll also see safeguards even when people have bad passwords, and a simplified security process for devices that have either a tiny display or none at all (say, wearable devices or smart home gadgets).
Cnet quoted Wi-Fi Alliance's vice president of marketing Kevin Robinson as saying that the WPA3 encryption would be built in the open network, providing every person who uses it a secure and private channel.
"The Wi-Fi CERTIFIED designation means Wi-Fi devices meet the highest standards for interoperability and security protections", he added.
The second is the ability to use nearby WiFi-enabled devices as the configuration panel for other devices. WPA3 improvements include individualized data encryption, which should strengthen privacy in open networks and provide nearly as much security as a home network.
The attack would work against virtually any device and platform, including Android, Linux, Apple (iOS and macOS), Windows, OpenBSD, MediaTek chips, Linksys routers, and more.
Whether it's to stream our favorite movies, update our apps or play our favorite games online, Wi-Fi has become a staple part of our lives. The standard will replace WPA2, a near-two decades-old security protocol that's built in to protect nearly every wireless device today - including phones, laptops, and the Internet of Things.
The first introduces individualized data encryption. This is a basic feature found in many web or software authentication systems and makes flawless sense to be deployed with WiFi networks, which are most often subject to dictionary brute-force attacks.
If you're in a government, defense, or industrial network, WPA3 also implements a 192-bit security suite that conforms to the Commercial National Security Algorithm. The new standard will improve the security and privacy both.