The WiFi Alliance, an organization formed by big players like Apple and Intel, has announced the arrival of a new negotiation protocol for WiFi access points known as WPA3. Almost a decade has passed since WiFi security has been updated, and the current wireless ecosystem is patchy at best. The real question now is whether WPA3 actually corrects the problems that existed in its predecessors and whether it can stand the test of time as a protocol that helps public wireless networks maintain their security.
What Took So Long?
Most threats to WiFi have been the result of human error. When someone attacks a network, this usually happens because the owners didn’t set a password for it or set it up in a way that protects the individuals connected to it. There were rare instances when hackers managed to penetrate private WiFi networks, but it wasn’t a widespread issue.
2017 changed everything. Hackers became more sophisticated, and new vulnerabilities were discovered more quickly than they could be patched. One of the casualties was WPA2, which suffered from something called the “Key Reinstallation Attack” (KRACK).
Unfortunately for WiFi users all over the world, KRACK is something that affects every single access point that uses WPA or WPA2. This attack would allow any hacker to act as an impostor for any user and act as a middleman between them and the router servicing the connection.
Public WiFi networks have always been iffy, though, since they offered no built-in encryption to any devices connected to them. WPA and WPA2’s encryption wasn’t a given, either. By gaining access to the network, a hacker could still sniff out user traffic.
This is why WPA3 was developed. There was just too much hostility and panic surrounding current wireless networks. Something had to be done.
How WPA3 Makes Things Different
The WPA3 protocol focuses on individual devices connecting to the router as opposed to seeing all of them in a group. From the top down, this is the thinking that brought about this new form of authentication. Its predecessors were always placing a higher priority on protecting the network from intrusion and trusting everyone that is already inside of it. But in public places like coffee shops, this isn’t necessarily ideal.
Also, hackers who attempt to infiltrate a private network will find themselves unable to use dictionary attacks to guess the password. Under WPA3, there’s a limit to how many times you can attempt to get the password right before you are blocked from making any more attempts.
Even if the network is not password protected, each individual connected to it gets their own encrypted line with a 192-bit CNSA-based algorithm intended for government, defense, and sensitive industries.
There was also a problem with WPA2 in which hackers could send a “death packet” to a router without even entering the network. This “death packet” would kick anyone off the network at the whim of the sender. To the user, it would appear as if the connection isn’t working anymore, and the attacker can do this at any point, as many times as necessary to annoy the user. Routers with WPA3 will just ignore these packets.
When Should We Expect WPA3 to Appear?
We can reasonably expect routers to begin implementing this technology through 2018. However, WPA2 isn’t going anywhere anytime soon. It’s had almost ten years to spread from restaurant to restaurant. Places that offer free WiFi will not replace a router unless it begins to malfunction, so expect this change to be gradual. Fortunately, you can check your device to see what kind of authentication the router you’re connecting to offers.
Would the WPA3 protocol make you feel safer when using WiFi? Let us know in a comment!