After almost two decades, WPA3 is here to fix the Wi-Fi security sins of the past | andropet
318 Cloister CT Chapel Hill NC 27514

After almost two decades, WPA3 is here to fix the Wi-Fi security sins of the past

By Williams Pelegrin

Wi-Fi

  • The Wi-Fi Alliance announced the next-generation WPA3 security protocol
  • The new protocol includes several improvements, especially for open Wi-Fi networks
  • WPA3-certified devices are expected to ship later this year

The WPA2 security protocol for Wi-Fi has been with us for almost 20 years. The Wi-Fi Alliance thinks that’s long enough. The Alliance, the network of companies like Apple, Microsoft, Qualcomm, and more, that brought Wi-Fi to the world, announced its next-generation WPA3 security protocol Monday.

Unlike previous incarnations, WPA3 finally secures open Wi-Fi networks by using individualized data encryption. This means the connection between your device on the network and the router is scrambled to ensure websites you visit aren’t tampered with.

Security researcher Mathy Vanhoef believes that could refer to Opportunistic Wireless Encryption, or encryption without authentication, though we are not completely sure if that is what the Wi-Fi Alliance is using.

Also notable is WPA3’s newer kind of handshake. WPA2 uses a four-way handshake to allow devices with pre-shared passwords to join a network. The new handshake, Vanhoef told ZDNet, “will not be vulnerable to dictionary attacks.”

Editor’s Pick

related article

41 percent of all Android devices vulnerable to “exceptionally devastating” Wi-Fi attack

A researcher has discovered a security flaw in the WPA2 Wi-Fi protocol, putting most modern, protected Wi-Fi networks at risk. According to the research, which was published earlier today, this can be used to steal …

For context, a dictionary attack is an attempted illegal entry to a computer system using a dictionary headword list to guess passwords.

WPA3 also blocks attackers once they make too many incorrect password guesses and implements a 192-bit security suite aligned with the Commercial National Security Algorithm (CNSA) Suite. This gives greater protection for government, defense, and industrial networks, which have higher security requirements than other networks.

Even if your password is relatively weak, WPA3 includes “robust protection” and simplifies security configurations for devices with either have very small displays or no displays at all.

Even with all of the improvements, WPA2 isn’t going away just yet — even with the recent KRACK exploit, which basically puts all modern networks using WPA or WPA2 at risk. Last October, it was reported that 41 percent of Android devices were vulnerable to the exploit, and even though Google pushed out security patches to address it, they have not made it to other affected devices.

It is unlikely current devices will be updated to support WPA3, though devices using the protocol are expected to ship later this year.

…read more

Source:: android authority

    

Leave a Reply

Your email address will not be published. Required fields are marked *