- Wi-Fi Alliance releases a new WiFi Protected Access protocol, WPA3.
- It’ designed to make the process of configuring security simple for devices with no or limited display interfaces.
- WiFi networks with higher security requirements will use a 192-bit security suite.
The Wi-Fi Alliance, a non-profit organization that certifies Wifi products if they meet certain standards of interoperability, has released WPA3 protocol – a new WiFi Protected Access protocol that replaces WPA2, enhancing security.
The organization has released this update nearly 1 year after the KRACK exploit (Key Reinstallation Attacks) made headlines. While this exploit left many Android/iOS device and routers vulnerable to attacks, it was patched soon by tech giants like Apple, Microsoft and Google.
Considering how WPA2 is nearly 13 years old now, the update seems quite necessary. Wi-Fi Alliance is now working on authentication, encryption and configuration across its portfolio to make sure that certified devices continue to run state-of-the-art security systems.
What’s wrong with WPA2?
Billions of devices run on WPA2 protocol, and millions of advanced WiFi applications rely on WPA2 with Protected Management Frames. However, a serious weakness in WPA2 discovered in October 2017 allowed attackers to
- Disconnect you anytime
- Crack your password offline
- Sniff your traffic and spoof you
Although all security loopholes have been fixed, the patches don’t make your devices completely hack-free as they are only software based, which might have reduced the severity of the situation.
Wi-Fi Alliance is now more focused on simplifying security configuration for users as well as service providers, while improving the network security protections.
The WPA3 protocol is released with 4 new capabilities as a part of WiFi Certified WPA3 –
- Robust protections even in the case when users select less complicated passwords.
- It makes the process of configuring security simple for devices with no or limited display interfaces.
- The user privacy is strengthened in public networks via separate data encryption.
- WiFi networks with higher security requirements (like defense, government, industry) use a 192-bit security suite, aligned with CNSA (Commercial National Security Algorithm) suite.
Source: Wi-Fi Alliance
Here, the WiFi Certified refers to the devices that meet highest security protections and interoperability standards.
Instead of 4-way handshake (used in WPA2 to verify password), WPA3 standards uses a new handshake, which is more secure against dictionary attacks. Also, it blocks the authentication process after a few unsuccessful login attempts, thus preventing brute-force attacks.
If you are purchasing a new network device later this year, you will want to check out WPA3 certification. According to the AndroidPolice, the existing devices may not receive WPA3 firmware update, probably because of requirement of certification. However, this will primarily depend on whether manufacturing companies care to put efforts on securing the products they have already sold.
About Wi-Fi Alliance
It’s a worldwide WiFi ecosystem with a shared vision of connecting all devices with the best possible user experience. Since 2000, the organization has approved and certified over 35,000 WiFi devices.
At present, WiFi carries about half of the worldwide internet traffic in a wide range of applications. It continues to drive the evolution of WiFi, which billions of users can rely on daily.