New security features will strengthen privacy – even when simple network passwords are picked

Fresh capabilities for personal and enterprise WiFi networks will emerge in 2018, as the non-profit Wi-Fi Alliance finalizes the launch of the WPA3 protocol.

The Texas-based association, which counts Apple, Intel, and Samsung among its members, said the new protocol will build on the “widespread adoption and success” of WPA2.

WPA3 presents four new capabilities for personal and enterprise WiFi networks. Two of the features are said to deliver “robust protections” even when users choose passwords that fall short of typical complexity recommendations, and will simplify the process of configuring security for devices that have limited or no display interface.

Another feature will strengthen user privacy in open networks through individualized data encryption, the Wi-Fi Alliance said.

Finally, a 192-bit security suite, aligned with the Commercial National Security Algorithm (CNSA) suite, will further protect WiFi networks with higher security requirements, such as those in government, defense, and industrial settings.

Firm handshake

The rollout of WPA3 comes on the heels of last year’s discovery of a serious weakness in its predecessor, WPA2, which was first rolled out more than a decade ago and is still used to protect the vast majority of WiFi connections around the world.

Mathy Vanhoef, a security expert at Belgian university KU Leuven, exposed a flaw in the protocol’s cryptographic handshakes, which potentially allowed hackers to steal sensitive information such as credit card numbers, passwords, and emails.

According to Vanhoef, an attacker within range of a wireless device could exploit these weaknesses by launching a Key Reinstallation Attack – or ‘Krack’ – whereby a victim is tricked into reinstalling an already-in-use session key.

Taking to Twitter in the wake of the Wi-Fi Alliance’s announcement, Vanhoef noted that although the standards behind WPA3 have “already existed for a while”, hardware vendors will now be required to adhere to the protocol in order to receive the ‘WPA3-certified’ seal of approval.

Given that widespread adoption of the new protocol won’t take place overnight, the Wi-Fi Alliance said it will continue to enhance WPA2 with Protected Management Frames.

New testing enhancements have also been implemented in an effort to reduce the potential for vulnerabilities due to network misconfiguration, and further safeguard managed networks with centralized authentication services.

“Security is a foundation of Wi-Fi Alliance certification programs, and we are excited to introduce new features to the WiFi Certified family of security solutions,” said Edgar Figueroa, president and CEO of Wi-Fi Alliance.