We all use WiFi all the time. There are more WiFi devices in existence than there are people. It is how most of us connect to the internet and a lot of that internet activity involves communicating highly sensitive and personal data.
It is, therefore, a pity that WPA2, the standard used to protect data as it travels over the radio waves between your device and the router which connects it the internet, is completely broken.
A whitepaper published in October last year demonstrated that every WPA2 connection is insecure. Thanks to the KRACK vulnerability, all unencrypted data sent over WiFi on pretty much every one of the 9 billion WiFi devices on the planet, can be easily snooped on by hackers.
And perhaps the most alarming thing at the time was that there was nothing to replace it...
It therefore comes as little surprise that the Wi-Fi Alliance has recently announced the launch of WPA2’s successor, cunningly tilted WPA3. Not only does it fix the KRACK vulnerability, but it addresses many other issues with WiFi security in general that have become increasingly apparent since WPA2 was introduced back in 2004.
WPA3 comes in two versions: WPA-Personal and WPA-Enterprise.
The WPA2 standard has been creaking for quite some time now, but it was the discovery of the Key Reinstallation Attack (KRACK) vulnerability that galvanised the WiFi Alliance into introducing a new standard which overhauls WiFi security.
KRACK exploits a flaw in the four-way handshake used to secure WPA2 connections to routers, regardless of platform or device being used.
WPA3 fixes this by using a Simultaneous Authentication of Equals (SAE) handshake instead. A variant of the Dragonfy Key Exchange Protocol, this replaces the use of a Pre-shared Key (PSK) in WPA2 and a published security proof indicates that it is highly secure.
Better password security
In overhauling WiFi security, the WiFi Alliance also seeks to protect us from ourselves. The single biggest security problem with WiFi is that most people use very weak and easily guessed passwords.
And even if you have changed your password, WPA2 allows an attacker to make unlimited guesses. This allows them to perform a dictionary attack which throws thousands of common passwords per minute at your router until it finds the right one.
WPA3 mitigates against password attacks in two ways. The Simultaneous Authentication of Equals handshake prevents dictionary attacks by stopping an attacker from making more than one guess at the password per attack. Each time an incorrect password is entered they would need to reconnect to the network in order to make another guess.
Natural Password Selection is another new feature. It is claimed that this will help users pick strong but easy-to-remember passwords.
Forward Secrecy means that each time a WPA3 connection is made, a new set of encryption keys are generated. If an attacker were ever to compromise your router’s password, they will not be able to access data that has already been transmitted as it is protected by different sets of keys.
As its name suggests, WP3-Enterprise aims to provide businesses, governments, and financial institutions with even greater security.
Data is protected with a 256-bit Galois/Counter Mode Protocol (GCMP-256) cipher, using a 384-bit ECDH or ECDSA key exchange with HMAC SHA385 hash authentication. Protected Management Frames (PMF) are secured using 256-bit Broadcast/Multicast Integrity Protocol Galois Message Authentication Code (BIP-GMAC-256).
Interestingly, the WiFi Alliance describes this suite of encryption algorithms as “the equivalent of 192-bit cryptographic strength.”
Mathy Vanhoef is the PHD researcher at KU Leuven who discovered the KRACK vulnerability in WPA2. In a recent blog post, he described WPA3 as a missed opportunity.
WPA3 is not a standard, as such. It is a certification program. If a product supports and correctly implements the standards specified for WPA3 then the WiFi Alliance will award it Wi-Fi CERTIFIED WPA3™ certification.
When WPA3 was first announced, it was proposed that it would include 4 key standards:
- The Dragonfly handshake (SAE)
- Wi-Fi Easy Connect, a feature which fixes known vulnerabilities in the current Wi-Fi Protected Setup
- Wi-Fi Enhanced Open, aimed at making using public WiFi hotspots safer by providing unauthenticated encryption when connecting to an open hotspot
- It would increase session encryption key sizes.
In its final form, however, standards 2-4 are recommended for use in WPA3 devices but are not required. To receive official Wi-Fi CERTIFIED WPA3™ certification manufactures need only implement a Simultaneous Authentication of Equals handshake.
The Wi-Fi Easy Connect and Wi-Fi Enhanced Open standards each get their own separate certification from the WiFi Alliance, while increased session key size is only required for WPA3-Enterprise certification.
“I fear that in practice this means manufacturers will just implement the new handshake, slap a ‘WPA3 certified’ label on it, and be done with it [...] This means that if you buy a device that is WPA3 capable, there is no guarantee whatsoever that it supports these two features.”
In fairness to the WiFi Alliance, the decision was probably made in order to encourage WiFi manufactures to adopt the standard as soon as possible by making it less arduous for them to implement.
There is also a good chance that manufacturers will voluntarily choose to include the Wi-Fi Easy Connect and Wi-Fi Enhanced Open standards in their WPA3 products.
So what next?
The WiFi Alliance does not expect any WPA3 products become available to buy until at least late this year, and does not expect to see broad implementation until late 2019 at the earliest.
In theory, most WiFi products can be upgraded to WPA3 via software patches. It seems unlikely, however, that many manufacturers will dedicate resources to developing such patches for existing products that could instead be spent on developing new products for the market.
This is not true of all companies. Router-maker Linksys, for example, has confirmed its commitment to issuing WPA3 firmware updates for “legacy products.”
In most cases, however, upgrading to WPA3 will involve throwing away your router and all your WiFi devices and replacing them with new WPA3 gear. Given that there are currently some 9 billion WiFi-enabled devices on the planet, this is not going to happen overnight.
It will probably therefore be years before the WiFi ecosystem has developed to the point where WPA3 might be considered ubiquitous; and by then, of course, we might urgently need a new WPA4 standard!
WPA3 is backward compatible
Given that WPA2 is highly insecure, everyone really should upgrade to WPA3 as soon as possible. Realistically, however, most people are not just going to throw away their expensive existing gear.
It is therefore useful that WPA3 is backward compatible. WPA3 routers will accept connections from older (WPA2) devices, and WPA3 devices will be able to connect to older routers. But unless both router and device are WPA3-ready, the connection will not benefit from the improved security offered by the new standard.
Until you are fully WPA3-compliant, we therefore strongly recommend that you mitigate the KRACK vulnerability by running a VPN connection on all your WPA2 devices (not the router itself).
In much the same way that using a VPN protects you when using a public WiFi hotspot, this ensures that all data traveling between your device and the router is securely encrypted, and therefore safe from a KRACK attack.
Being careful to only visit HTTPS websites also mitigates the problem, but requires constant vigilance on your part. Desktop systems can be connected to your router via an Ethernet cable, which makes them immune to KRACK attacks.
WPA2 is broken, so WPA3 cannot come soon enough - and you should adopt it as soon as you can. It is a shame that the full original set of WPA3 standards did not make the final cut, but if this results in quicker broad adoption of WPA3 then the decision may be vindicated.
Manufacturers may decide to include the Wi-Fi Easy Connect and Wi-Fi Enhanced Open standards in their WPA3 products, anyway.
In the meantime, do please be aware of just how insecure your existing WiFi connections are, and take steps to mitigate the problem.
Image credit: By BeeBright/Shutterstock.