You may have seen this image (left) printed on the boxes of your home router or Wi-Fi access point, but what does it mean? A device that is Wi-Fi Certified is a device that meets the hardware specifications for compliance and interoperability by the Wi-Fi Alliance. This group tests and verifies that wireless devices adhere to IEEE standards as well as their own standards for security-WPA, WPA2, and soon WPA3.
Wi-Fi Protected Access, or WPA, is a security standard developed by the Wi-Fi Alliance to overcome the limitations of the WEP standard. WEP was one of the original Wi-Fi security standards and is extremely vulnerable to hacking and hasn’t been considered secure since WPA was released. Security can always be improved, so the Wi-Fi Alliance developed the WPA2 standard, which uses more robust encryption over WPA. However, WPA2 was compromised last year with the Key Reinstallation Attack (KRACK) vulnerability. Although WPA3 was already under development when the KRACK weakness was identified, it couldn’t have been a better time for it. So how is security improved with WPA3 over its predecessor WPA2? The Wi-Fi Alliance has outlined four key areas of improvement.
Ease of Connecting IoT (Internet of Things) Devices
Whether you are talking about smart light bulbs, smart thermostats, or smart appliances, devices are increasingly becoming connected to our networks. Most IoT devices don’t have screens and keyboards—meaning you’d have to use an App on your mobile phone to get devices connected. WPA3 will include a one-touch setup to allow these devices to connect to your network effortlessly.
The Wi-Fi Alliance engaged the Committee on National Security Systems (CNSS) to incorporate a 192-bit secure encryption mechanism into the standard. Therefore, WPA3 will be approved for use for the United States National Security Agency (NSA.)
Resistance Against Brute Force Attacks
The KRACK vulnerability has been resolved within the definition of the WPA3 protocol. With WPA2, KRACK was resolved by vendor issued/defined software patches as it was a vulnerability inherent with WPA2. Additionally, WPA3 protects against brute force attacks, also known as dictionary attacks. A brute force attack happens when a hacker repeatedly attempts to authenticate to a wireless network using common words and phrases. WPA3 limits the quantity of authentication attempts a user is allowed—severely hampering the effectiveness of brute force attacks.
Secure Public Wi-Fi
The greatest threat to Wi-Fi security today are public hotspots—open, unsecured networks at coffee shops, airports, and restaurants. All wireless traffic is sent in clear text between the client and wireless access point, making data vulnerable to hackers eavesdropping on users. Although most websites now use HTTPS to secure traffic—many websites and transactions are still vulnerable. WPA3 will encrypt every connection between a wireless client and access point—regardless if there is a pre-shared key (PSK.) This mitigates the vulnerability of public hotspots while still allowing the ease of access.
WPA3 certainly has much needed improvements over WPA2, which has been out since 2004! Chip manufacturers have already begun integrating WPA3 into new chips but won’t likely hit the market until the end of 2018. As with most things Wi-Fi, devices will be backwards compatible with WPA and WPA2 to allow for support for legacy devices and smooth transition with the new WPA3 standard. Be on the lookout for support of WPA3 in the upcoming months and ensure you keep pace with the latest security standards.
Alex Zeltmann is an ABS veteran and a rockstar Infrastructure Engineering Manager. With over 10 years of experience in networking technology, he leads ABS’ team of implementation engineers as they integrate the latest technologies for ABS clients.