The WPA3 Security Protocol for Wi-Fi Is Ready for Certification

Earlier this year, the Wi-Fi Alliance introduced WPA3, the next-generation Wi-Fi authentication protocol. The consortium has now started certifying routers and devices implementing this new protocol, which means we should have WPA3-enabled devices on the market soon.

A KRACK In Wi-Fi Security

Last year, a Belgian researcher disclosed a serious flaw in the WPA2 security protocol, which allowed attackers to use key reinstallation attacks (KRACKs) to change or reset users’ Wi-Fi encryption keys. Once the attackers could do that, they would be able to read all of a device’s internet traffic in plaintext.

The flaw that allowed these attacks wasn’t in a software implementation of the WPA2 protocol, as is usually the case with similar bugs, but in the design of the WPA2 protocol itself. Because it was a protocol flaw, it affected all Wi-Fi devices, regardless of which operating system they were running.

The KRACK exploit is what prompted the Wi-Fi Alliance to rush to announce a new security protocol only months after KRACK was first revealed (plus the several months during which the consortium already knew of the bug through the researcher’s private disclosure). WPA3 aims to replace the 14-year-old WPA2 protocol.

WPA3 Enhancements

The WPA3 protocol arrives with four main enhancements. Two of them will make password-based authentication more resilient to brute-force attacks, even when users choose simple passwords for their routers.

Another will offer improved protection to users of open networks through individualized encryption. In other words, you should be more secure when accessing WPA3-enabled airport routers in the future. The fourth feature is a 192-bit security suite for enterprise-level users.

The consortium also introduced the Wi-Fi CERTIFIED Easy Connect program to reduce the complexity of on-boarding new IoT devices, which lack an interface, to a network. Smartphones will also be able to securely connect to a new network in the same way by scanning a QR code.

Lucian Armasu
Lucian Armasu is a Contributing Writer for Tom's Hardware US. He covers software news and the issues surrounding privacy and security.
  • bit_user
    Some questions I think most people will have:

    1. Does this (always) require a hardware upgrade of routers?

    2. What about client devices?

    3. What happens to WPA2 devices on a WPA3 router?
  • bit_user
    An answer to #1 (and partial answer to #2):

    This issue can be resolved through straightforward software updates, and the Wi-Fi industry, including major platform providers, has already started deploying patches to Wi-Fi users. Users can expect all their Wi-Fi devices, whether patched or unpatched, to continue working well together.
    Source: https://www.wi-fi.org/news-events/newsroom/wi-fi-alliance-security-update
  • toadhammer
    And:
    4. When can I get it?

    Answer: No time soon. It's just a standard and no products exist yet.
    https://www.wi-fi.org/product-finder-results?sort_by=default&sort_order=desc&capabilities=16

    5. Will my support this?

    Answer: Not nearly enough of them, no. Manufacturers won't respin the firmware on older stuff. But hopefully one of the open-source projects will (like openwrt), but that will likely be quite a while after new products exist.
  • bit_user
    21094021 said:
    And:
    4. When can I get it?

    Answer: No time soon. It's just a standard and no products exist yet.
    https://www.wi-fi.org/product-finder-results?sort_by=default&sort_order=desc&capabilities=16

    Second sentence of the article:
    The consortium has now started certifying routers and devices implementing this new protocol, which means we should have WPA3-enabled devices on the market soon.

    So... maybe a couple months?