New WPA3 Security Standard Introduced for Routers and Devices

New WPA3 Security Standard Introduced for Routers and Devices

The WPA3 security standard is formally finished and ready for introduction according to the Wi-Fi Alliance, which developed the protocol. The new follow-up to WPA and WPA2 is intended to replace them with a standard that, well, hasn’t been cracked yet. There’s more to say on the topic, but that’s what the announcement boils down to. WPA has been breached enough that it’s now considered generally insecure, and some high-profile attacks like KRACK and the ability to predict the Group Temporal Key have breached WPA2 as well. It’s time for a new, (temporarily) secure standard.

One of the major features of WPA3 is its resistance to offline dictionary attacks. With WPA2, if you can observe a single password exchange between a person signing on to a network and the router, you can take that data and attempt to brute-force it via an offline dictionary attack. But WPA3 no longer relies on the same Pre-Shared Key (PSK) that WPA2 used. (Note: This discussion only applies to WPA3 Personal, not WPA3 Enterprise, which didn’t rely on the same PSK algorithm in the first place).

As PCMag reports, the only way to crack into a WPA3 network should be if you’re already connected to it…which largely removes the benefit of hacking it in the first place. The Wi-Fi Alliance also notes that WPA3 includes protections that kick in “even when users choose passwords that fall short of typical complexity recommendations,” which appears to refer to this additional password obfuscation. WPA3 also remains interoperable with WPA2 networks, though this apparently means WPA2 devices can connect to routers using WPA3 without compromising the security of other connected devices. The WPA2 device, presumably, does not gain any benefit from WPA3 security changes or improvements while connected to a WPA3 router.

New WPA3 Security Standard Introduced for Routers and Devices

Alongside WPA3 in its personal and enterprise flavors, the Wi-Fi Alliance also announced Wi-Fi Certified Easy Connect, which aims to let you add an IoT device (typically one with a limited display, or without a display at all) to a Wi-Fi network using another device with an easier interface. An example would be scanning a product quick response (QR) code with your phone. Then there’s Wi-Fi Enhanced Open, which is intended to provide “improved data protections while maintaining the convenience and use of open networks.” Exactly how much protection will be provided is something we may not know until we see how shipping hardware handles the standard — there’s often a rather significant gap between how these standards are intended to be used and how they’re actually deployed.

It’s also not clear if we’ll see older devices patched to provide support for WPA3, or if that support will be particularly robust. Each time a new security standard is released, there’s an inevitable period of “well, I’ve got Product A and Product B and they’re both supposed to support this thing… but won’t connect to each other while using it.”.

Continue reading

Western Digital’s My Cloud Storage Devices Have Hard-Coded Backdoor

Western Digital's My Cloud network attached storage (NAS) devices claim to offer an easy, all-in-one solution for storing your data at home. However, they might also be providing an easy, all-in-one solution for hackers to steal your data take control of your device.

Google Now Blocks Logins From Uncertified Android Devices

Device makers are supposed to get certified before bundling Google services with a phone, but some smaller companies have been trying to fly under the radar by distributing unofficial Google packages. Well, no more.

Apple Missed FTC Memo, Once Again Bricking Repaired Devices

Apple appears to be up to its old tricks again and breaking Apple devices lawfully repaired by third-party vendors. The company's actions are, again, illegal.

ET Deals Roundup: Ring HD Video Doorbell only $100, Amazon Device Sale Continues, and more

Want to be able to see and hear whoever's at your door right from your smartphone? For a limited time, you can save 25 percent off the list price of the Ring Wi-Fi video doorbell. You can also save big on a high-end gaming rig, Kindle ereaders, 4K TVs, and much more with today's best deals.