The Wi-Fi Alliance has announced additional measures to secure wireless devices, following revelations last year about an oversight in the WPA2 specification which left devices vulnerable.
Specific technical details are still scarce, though the benefits of WPA3 include hardened, individualized data encryption on open Wi-Fi networks, security protections even when users choose passwords that are not sufficiently complex, a simplified security management process for devices without screens (or without screens large enough to be useful for a given task; think of difficult-to-configure IoT gadgets), and the use of a 192-bit security suite. The first WPA3-certified devices are expected to ship this year. Given that devices require certification to use WPA3, it seems unlikely that routers or other devices will be able to start using WPA3 via firmware updates, though this depends on the generosity of the manufacturer.
Despite the disclosure of the KRACK vulnerability, WPA2 is not being retired immediately. Google released a patch for KRACK in Android as of the November 6, 2017 security bulletin, though as with any other security update, OEMs are responsible for delivering it to their devices.
Wi-Fi Alliance® introduces security enhancements
New Wi-Fi® security features available in 2018
Las Vegas, NV – January 8, 2018 – Wi-Fi Alliance® introduces enhancements and new features for Wi-Fi Protected Access®, the essential family of Wi-Fi CERTIFIED™ security technologies for more than a decade. Wi-Fi Alliance is launching configuration, authentication, and encryption enhancements across its portfolio to ensure Wi-Fi CERTIFIED devices continue to implement state of the art security protections.
WPA2™ provides reliable security used in billions of Wi-Fi® devices every day, and will continue to be deployed in Wi-Fi CERTIFIED devices for the foreseeable future. Wi-Fi Alliance will continue enhancing WPA2 to ensure it delivers strong security protections to Wi-Fi users as the security landscape evolves. Advanced Wi-Fi applications will rely on WPA2 with Protected Management Frames, broadly adopted in the current generation of Wi-Fi CERTIFIED devices, to maintain the resiliency of mission-critical networks. New testing enhancements will also reduce the potential for vulnerabilities due to network misconfiguration, and further safeguard managed networks with centralized authentication services.
Building on the widespread adoption and success of WPA2, Wi-Fi Alliance will also deliver a suite of features to simplify Wi-Fi security configuration for users and service providers, while enhancing Wi-Fi network security protections. Four new capabilities for personal and enterprise Wi-Fi networks will emerge in 2018 as part of Wi-Fi CERTIFIED WPA3™. Two of the features will deliver robust protections even when users choose passwords that fall short of typical complexity recommendations, and will simplify the process of configuring security for devices that have limited or no display interface. Another feature will strengthen user privacy in open networks through individualized data encryption. Finally, a 192-bit security suite, aligned with the Commercial National Security Algorithm (CNSA) Suite from the Committee on National Security Systems, will further protect Wi-Fi networks with higher security requirements such as government, defense, and industrial.
“Security is a foundation of Wi-Fi Alliance certification programs, and we are excited to introduce new features to the Wi-Fi CERTIFIED family of security solutions,” said Edgar Figueroa, president and CEO of Wi-Fi Alliance. “The Wi-Fi CERTIFIED designation means Wi-Fi devices meet the highest standards for interoperability and security protections.”
“Wi-Fi security technologies may live for decades, so it’s important they are continually updated to ensure they meet the needs of the Wi-Fi industry,” said Joe Hoffman, SAR Insight & Consulting. “Wi-Fi is evolving to maintain its high level of security as industry demands increase.”