After a flaw was found in the WPA2 encryption protocol for Wi-Fi last year, the Wi-Fi Alliance announced WPA3, a next-generation protocol that fixes the flaw and enhances its security.
A KRACK In WPA2
Last year, we learned from a Belgian security researcher that the WPA2 encryption protocol had a serious flaw that could allow attackers to connect to a victim’s Wi-Fi router, when in range, and then be able to intercept all messages. To intercept the data the attacker would perform a key reinstallation attack, which is how it got the name of “KRACK.”
The attack would work against virtually any device and platform, including Android, Linux, Apple (iOS and macOS), Windows, OpenBSD, MediaTek chips, Linksys routers, and more. The reason for why it worked on all of them was because the attack exploited the Wireless Protected Access 2 protocol itself, rather than its implementation.
WPA3 To The Rescue
The flaw was made public only last October, but the researcher had already announced the Wi-Fi Alliance a few months earlier. Since then, the organization has had some time to come-up with a next-generation protocol that both fixes the KRACK flaw and enhances 14-year old WPA2 protocol.
The Wi-Fi Alliance said that it will continue to license devices using WPA2 for the time being, as the flaw could also be fixed in software. However, there’s a bigger risk of improper security configuration, so it may be best for router makers, consumers, and enterprise customers to start moving away from WPA2 devices as soon as possible.
WPA3 will be secure against attacks such as KRACK by default, offer simpler security configuration, and it will also add new security capabilities. Two of those features revolve around recommending stronger passwords for users that tend to pick short, simple passwords. Another feature will strengthen user data protection and privacy in an open network (hotspot without a password). The fourth feature is a 192-bit security suite that’s mainly targeted at enterprise customers and government agencies with a need for better security.
"Security is a foundation of Wi-Fi Alliance certification programs, and we are excited to introduce new features to the Wi-Fi CERTIFIED family of security solutions," said Edgar Figueroa, president and CEO of Wi-Fi Alliance. "The Wi-Fi CERTIFIED designation means Wi-Fi devices meet the highest standards for interoperability and security protections," he added.
According to the Wi-Fi Alliance we should start seeing WPA3-certified devices appearing later this year.