The Wi-Fi Alliance has announced additional measures to secure wireless devices, following revelations last year about an oversight in the WPA2 specification which left devices vulnerable.

Specific technical details are still scarce, though the benefits of WPA3 include hardened individualized data encryption on open Wi-Fi networks, security protections even when users choose passwords that are not sufficiently complex, and a simplified security management process for devices without screens (or screens large enough to be useful for a given task, imagine difficult to configure IoT gadgets), and the use of 192-bit security suite. The first WPA3-certified devices are expected to ship this year. Given that devices require certification to use WPA3, it seems unlikely that routers or other devices will be able to start using WPA3 via firmware updates, though this depends on the generosity of the manufacturer.

Despite the disclosure of the KRACK vulnerability, WPA2 is not being retired immediately. Google released a patch for KRACK in Android as of the November 6, 2017 security bulletin, though as with any other security update, OEMs are responsible for delivering it to their devices.

PRESS RELEASE