Nowadays, all offices, hotels, parks, hospitals and, above all, private homes have Wi-Fi connectivity for laptops, tablets and smartphones. Likewise, we must consider the new lines of intelligent domestic equipment, also connected and remotely managed via Wi-Fi. There is, however, a question we all ask ourselves: how safe are wireless networks?
Should a hacker access our Wi-Fi, they could monitor traffic, get usernames and passwords used for open sites, read our mail, use our internet connection… In a nutshell, they could invade our privacy and interfere with our use of the connection. To tackle these problems, the Wi-Fi Alliance adopted certain security measures. The most recent standard incorporated was WPA2 (Wi-Fi Protected Access version 2), way back in 2004, which was considered state-of-the-art wireless security up until October 2017.
What happened in October 2017?
WPA2 uses a ‘Four Way Handshake’ mechanism to associate a device with a Wi-Fi network. The access point verifies the client’s credentials and, if valid, creates a key (PTK: Pairwise Transient Key), which encrypts communications between the access point and the terminal (both must support WPA2).
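As an added illustration (not part of the original article), the sketch below shows how both sides of a WPA2-Personal handshake arrive at the same PTK and how the access point checks the client's credentials without the passphrase ever being transmitted. It assumes WPA2-Personal with CCMP; the SSID, passphrases, MAC addresses and the simplified message-2 frame are constructed sample values.

```python
import hashlib
import hmac
import os

def derive_pmk(passphrase: str, ssid: str) -> bytes:
    # WPA2-Personal: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 rounds, 256 bits)
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def prf(key: bytes, label: bytes, data: bytes, length: int) -> bytes:
    # IEEE 802.11 PRF: HMAC-SHA1(key, label || 0x00 || data || counter), concatenated
    out, counter = b"", 0
    while len(out) < length:
        msg = label + b"\x00" + data + bytes([counter])
        out += hmac.new(key, msg, hashlib.sha1).digest()
        counter += 1
    return out[:length]

def derive_ptk(pmk, ap_mac, sta_mac, anonce, snonce) -> dict:
    # MACs and nonces are sorted so both sides build the same input
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    ptk = prf(pmk, b"Pairwise key expansion", data, 48)  # 48 bytes for CCMP
    return {"KCK": ptk[:16], "KEK": ptk[16:32], "TK": ptk[32:]}

def mic(kck: bytes, frame: bytes) -> bytes:
    # Integrity code carried in handshake messages 2-4 (HMAC-SHA1, 128 bits)
    return hmac.new(kck, frame, hashlib.sha1).digest()[:16]

def handshake(ap_pass, sta_pass, ssid, ap_mac, sta_mac):
    """Messages 1 and 2 of the handshake; returns (accepted, ap_ptk or None)."""
    anonce = os.urandom(32)                  # msg 1: AP -> client
    snonce = os.urandom(32)                  # client picks its own nonce
    sta_ptk = derive_ptk(derive_pmk(sta_pass, ssid), ap_mac, sta_mac, anonce, snonce)
    frame = b"constructed-msg2:" + snonce    # simplified stand-in for the EAPOL frame
    tag = mic(sta_ptk["KCK"], frame)         # msg 2: client -> AP
    ap_ptk = derive_ptk(derive_pmk(ap_pass, ssid), ap_mac, sta_mac, anonce, snonce)
    ok = hmac.compare_digest(tag, mic(ap_ptk["KCK"], frame))
    return ok, (ap_ptk if ok else None)

if __name__ == "__main__":
    AP, STA = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")  # constructed MACs
    print(handshake("correct horse battery", "correct horse battery", "ExampleNet", AP, STA)[0])
    print(handshake("correct horse battery", "wrong guess", "ExampleNet", AP, STA)[0])
```

The TK portion of the PTK is the key that encrypts traffic; because fresh nonces enter the derivation, every association yields a different PTK even though the passphrase stays the same.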
In October 2017, a vulnerability concerning the Four Way Handshake was detected. KRACK (Key Reinstallation Attack) opened the door to potential security weaknesses and could even allow a hacker to access private user data.
At this point, most vendors worked urgently to create patches as an intermediate measure to safeguard their devices (particularly terminals, since KRACK is mainly used as a man-in-the-middle attack against clients connecting to the Internet). Microsoft Windows incorporated a patch within the same month, Apple released iOS 11.1, Google resolved the problem in November, etc.
A new safety standard is announced
In January 2018, at the Consumer Electronics Show in Las Vegas, the Wi-Fi Alliance announced a new safety standard: Wi-Fi Protected Access 3 (WPA3). As of this year, this shall be considered the new security level recommended for these types of network.
Its main aim is to increase security in wireless networks at the access point (to protect them from cybercriminals) and it should be implemented in all possible devices in the near future.
While WPA3 is safer than WPA2, the Wi-Fi Alliance still supports the latter as, when updated with the appropriate measures, it does prevent attacks such as KRACK in wireless networks. Therefore, provided the latest software releases have been incorporated in our devices, domestic and corporate networks can be considered safe.
What improvements does WPA3 offer?
The arrival of WPA3 does solve some of the problems (previously unknown to users) linked to Wi-Fi networks by simplifying connections for devices without consoles/screens (IoT in particular) and improving encryption for transmitted data:
• Increased protection for data in open networks: these are the typical free accesses we find at airports, malls and in public areas. These connections are very unsafe, since anyone can connect to the network and view data belonging to other users. Furthermore, they are not encrypted unless accessed via some means of security such as HTTPS/SSL sessions or a VPN. In these scenarios, the advantage of WPA3 is that it automatically encrypts data belonging to each terminal, even for open accesses.
• Networks with weak access keys: WPA3 increases security even when a network configuration includes weak keys such as “123456” or “abcdef”, by preventing brute force/dictionary attacks. Moreover, it has additional mechanisms that block the terminal authentication process after a number of failed access attempts.
• Simpler configurations for IoT devices and gadgets: these are often designed without consoles, keyboards or screens to configure keys. WPA3 is intended to simplify association to a Wi-Fi network through, for instance, an application on a smartphone and a small pushbutton on the gadget. The actual data and options for this are still pending release.
• Improved key length: While WPA2 works with 64 and 128-bit keys, WPA3 uses up to 192 bits, thus complying with the CNSA (Commercial National Security Algorithm) requirements commonly used in the government, defense, and strategic industry sectors.
While we wait for the manufacturers to introduce WPA3 in their devices over the course of 2018, the Wi-Fi Alliance has launched a series of recommendations for the continued use of WPA2: periodically check and improve network access keys, and keep devices updated.
Teldat is fully committed to incorporating the latest security standard across its entire product portfolio over the present year, while introducing continuous upgrades to maintain and improve security.