Following the new Wi-Fi standards unveiled earlier this month by the Wi-Fi Alliance at CES in Las Vegas. A first official draft of the WPA3 Wi-Fi authentication protocol is forthcoming, anddevices supporting the new protocols should be available later this year, including features like improved protection when users choose weak passwords, individualized encryption and improved security setup on devices with limited or no interface screens. There will also be a new security suite using 192-bit encryption. Christian Lees, CISO at InfoArmor commented below.
Christian Lees, CISO at InfoArmor:
“WPA2’s life expectancy has far exceeded its expectations in my book, and WPA3’s new security controls will be a welcomed event,” said Lees.
“The complete technical details have yet to be published, however, meaningful security features are to be added. For example, DeAuth attacks should no longer possible, a new type of handshake between router and client removing well known brute force attacks. Could there be anything they might have missed that It would be wise to consider? That’s very difficult considering there is little known about the protocol at this time. There is always a chance that some threat vector will be found.”
As to how changes like this could effect the cybersecurity industry more broadly, Lees said, “Looking at the current vulnerabilities of WPA2, for example KRACK, we know that people are routinely exposed on Wi-Fi. Consider how frequent we all use not only private Wi-Fi, but we often also use public Wi-Fi which are regularly exposed to threat actors. Considering WPA2 known vulnerabilities I consider all Wi-Fi to be ‘untrusted and owned.’”