Last year, the KRACK attack vulnerability left hundreds of thousands of Wi-Fi routers around the world vulnerable to exploitation. The problem lay in the WPA2 security protocol, which for more than a decade had been the industry standard. Many fixes were posted online, and there are many, many ways to secure your home Wi-Fi network. However, as the vulnerability was a fundamental part of the underlying system found in all Wi-Fi routers, many experts believed that the only way to truly protect users against further KRACK like breakdowns of security was to develop a new underlying system.
We are now starting to see the first devices that support WPA3, and it could be the beginning of the end for WPA2.
A collective of tech companies called the Wi-Fi Alliance certifies devices capable of data transmission over Wi-Fi. Since the KRACK vulnerability hit last year, developers have been working on an enhanced security protocol, WPA3, which is much more secure than its predecessor and the Wi-Fi Alliance has begun certifying devices as WPA3 compliant.
The new WPA3 protocol offers a step up in security in a number of ways. It is almost invulnerable to hackers attempting to guess people’s passwords. It also provides “robust protection,” if people use weak passwords to protect their Wi-Fi networks; and also features device specific data encryption.
The localized encryption is the critical factor here. Encryption makes public Wi-Fi networks much more secure if they’re run on WPA3 certified devices. It also specifically addresses the main issues that allowed KRACK exploits. KRACK, allowed hackers, in range of a Wi-Fi network to intercept traffic and gain access to critical information like email credit card numbers, passwords, and phone numbers. More advanced hackers could even inject packets of malicious data, which could include malware, into the network traffic. This type of malicious behavior will not be possible on WPA3 Wi-Fi networks.
For now, the Wi-Fi Alliance is still allowing the development of new WPA2 devices, but as time goes by it is expected that more and more devices will receive the WPA3 certification. Eventually, it is expected that if a device is going to transmit Wi-Fi, it’ll need a WPA3 accreditation to do so.