What is WPA3?
WPA3 is the third generation of wireless protection for WiFi routers. WPA (Wi-Fi Protected Access) is the protocol and encryption that protects the wireless communication between your laptop or phone and the WiFi router. Without it, anyone within range of your WiFi router can see what you are doing on the Internet, which is why it’s paramount to keep that communication protected.
Unfortunately, hackers have found ways to break this. The original protection, WEP (Wired Equivalent Privacy), was quickly hacked due to its use of a static key. The first generation of WPA followed and was also hacked, and WPA2 became the standard. WiFi users enjoyed pretty good protection until last year, when a new method called KRACK (Key Reinstallation AttACK) demonstrated that WPA2 can also be compromised. Companies such as ourselves have provided patches to plug this new crack in the system (pun intended), but there may be other vulnerabilities that can be exposed since the standard is more than 15 years old by now.
Luckily, the wizards at the Wi-Fi Alliance have been working on a new protection standard, WPA3. With everything from toothbrushes to refrigerators connected to WiFi, extra precautions must be taken to protect the runaway success of WiFi.
There are four areas of improvement that WPA3 has over the existing WPA2:
First: The new protocol prevents brute force guessing of WiFi passwords by requiring additional action when a wrong password is used.
Second: Each client has an individual master key to generate the encryption hash. Even if a hacker does get your WiFi password, they can’t recreate the key that you use to communicate with the WiFi router.
Third: Governments and companies can now use 192-bit encryption in enterprise mode, making it more difficult to break the encryption.
Fourth: There is an additional bootstrapping mode for connected gadgets that lack screens or keypads. Now they can use a smartphone to configure the SSID and password. This bootstrapping mode can be initiated with a public key transmitted in a QR code, NFC, or Bluetooth from the gadget. Practically, you can use a smartphone to scan the QR code label on the gadget and have it configured to work with the WiFi router that supports WPA3.
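The second point is easiest to see from the WPA2 side. The following Python sketch is an added illustration, not code from this article or from the Wi-Fi Alliance: it derives WPA2-Personal keys the way IEEE 802.11i specifies and shows that everything except the password is visible in the handshake. The SSID, passphrase, MAC addresses and nonces are constructed sample values, and WPA3's replacement exchange (SAE) is not implemented here.

```python
import hashlib
import hmac

def wpa2_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA2-Personal master key: PBKDF2-HMAC-SHA1, 4096 rounds, 32 bytes."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def wpa2_ptk(pmk: bytes, ap_mac: bytes, sta_mac: bytes,
             anonce: bytes, snonce: bytes, length: int = 48) -> bytes:
    """Per-session key (PTK) via the 802.11i PRF over HMAC-SHA1 (48 bytes for CCMP)."""
    label = b"Pairwise key expansion"
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac) +
            min(anonce, snonce) + max(anonce, snonce))
    out = b""
    counter = 0
    while len(out) < length:
        msg = label + b"\x00" + data + bytes([counter])
        out += hmac.new(pmk, msg, hashlib.sha1).digest()
        counter += 1
    return out[:length]

# Constructed sample values (not from a real network).
SSID = "ExampleHome"
PASSPHRASE = "correct horse battery"
AP_MAC = bytes.fromhex("02aabbccdd01")
LAPTOP_MAC = bytes.fromhex("02aabbccdd02")
ANONCE = hashlib.sha256(b"constructed-anonce").digest()
SNONCE = hashlib.sha256(b"constructed-snonce").digest()

def demo() -> dict:
    # Every device that knows the password computes the same master key.
    laptop_pmk = wpa2_pmk(PASSPHRASE, SSID)
    phone_pmk = wpa2_pmk(PASSPHRASE, SSID)
    laptop_ptk = wpa2_ptk(laptop_pmk, AP_MAC, LAPTOP_MAC, ANONCE, SNONCE)
    # MAC addresses and nonces travel unencrypted in the 4-way handshake, so
    # the phone's master key is enough to recompute the laptop's session key.
    recomputed = wpa2_ptk(phone_pmk, AP_MAC, LAPTOP_MAC, ANONCE, SNONCE)
    # A fresh nonce changes the session key, but not who is able to derive it.
    next_snonce = hashlib.sha256(b"constructed-snonce-2").digest()
    next_ptk = wpa2_ptk(laptop_pmk, AP_MAC, LAPTOP_MAC, ANONCE, next_snonce)
    return {
        "shared_master_key": laptop_pmk == phone_pmk,
        "session_key_recomputable": laptop_ptk == recomputed,
        "new_session_new_key": laptop_ptk != next_ptk,
        "ptk_len": len(laptop_ptk),
    }

if __name__ == "__main__":
    print(demo())
```

Under WPA3, the master key for each session comes out of a key exchange that also depends on secrets each side generates fresh for that session, so the password plus the values seen on the air no longer suffice to recompute it.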
WPA3 is Not Enough
WPA3 looks to be a great solution for years to come. However, it’s not enough, because hackers are using other methods to attack the WiFi network. The recent VPNFilter virus doesn’t take advantage of any of the WPA2 shortcomings. Instead, the attack targets known vulnerabilities in the WiFi routers’ web interface, remote ports that are open with hard-coded passwords, software that is not updated, and vulnerable connected IoT devices. WPA3 has fixed none of these security issues.
While WPA3 is great to have, a communication system has multiple layers, and WPA3 only secures the basic wireless physical layer. To ensure better security, we also need to secure the networking layers and the application layer. Traditional anti-virus software has been understood to handle the application layer protection and has done a decent job thus far. But with the explosion of connected devices in homes and businesses, network layer protection is severely lacking in the industry.
Traditional routers let all traffic in and out with no regard for whether the traffic is malicious. For devices like connected thermostats and smart TVs, there is no way to install anti-virus software. All these devices are little computing devices, mostly running a version of the Linux OS, that can do great damage when used by a nefarious hacker. Any compromised device can compromise the entire network, and because of this, network layer protection is not only a sensible layer of protection but more critical than ever as we add ever more connected gadgets in our homes. Hence, WPA3 is just not enough. But do upgrade when available.
John Wu is CEO and co-founder of Gryphon Online Safety.