The WiFi Alliance has announced that a new version of the WPA protocol, WPA3, will be released later this year.
The new release will provide a welcome upgrade from the 14-year old WPA2 that was successfully defeated by the KRACK Attack in October 2017. While that particular vulnerability - based around using key reinstallation attacks - has now been patched by the major vendors, the probability of other weaknesses being uncovered over time is considerable.
In a move to future-proof the new WPA3 standard the WiFi Alliance has built in several new features, including a beefed-up 192-bit security suite, aligned with the Commercial National Security Algorithm (CNSA) Suite from the US Committee on National Security Systems, that will further protect higher security requirement Wi-Fi networks such as government, defence, and industrial, and also strengthened user privacy in open networks - such as airports, hotels and coffee shops - by deploying individualised data encryption.
In addition, two of the new features are designed to improve protection when users choose low-security passwords. Another interesting enhancement is a simplified process for configuring security in devices that have limited or no display interface at all - a considerable boon for IoT devices of all stripes.
Javvad Malik, security advocate, AlienVault, commented to SCMedia UK: “WPA3 looks to introduce some good security upgrades meaning that dictionary attacks should no longer work. Furthermore, WPA3 appears to have IoT devices in mind by being able to streamline the process to configure devices that may not have a display, therefore increasing the likelihood that users will securely configure devices.”
Mark James, security specialist, ESET also welcomed the move: “The problem with standards that have been around a while are that they are not always as secure as we would like, and even when we do think they are “the best” option, they end up being compromised and open up the possibility of our precious data being exposed to hackers or malicious actors. So, the introduction of a new more secure standard is great news - hopefully we will see devices with WPA3 as quickly as possible. The good thing is we understand the need for the better security- we have seen how WPA2 can be compromised and the dangers involved.”