Checking your social media profiles at your favorite coffee shop will soon be a lot safer. The Wi-Fi Alliance, which includes companies like Microsoft, Apple, Dell and Intel, will launch a new Wi-Fi protocol, WPA3.
The new standard will address flaws in the current WPA2 protocol that include a lack of data encryption and a vulnerability that allows nearby users to eavesdrop on your online activity.
The Discovery of KRACK
WPA2 was introduced in 2004 to protect wireless connections, and overall, it did provide adequate protection. But last year, a researcher in Belgium discovered a vulnerability in WPA2 that broke what is known as the four-way handshake, the method used to confirm the encryption keys used to protect traffic transmitted via WiFi.
The vulnerability was dubbed KRACK, for Key Reinstallation Attack, and it allowed hackers to listen in on someone else’s connection. KRACK affects all operating systems and devices because the vulnerability is within the WPA2 protocol.
Although KRACK can only be effective when the hacker is in near proximity to another user, the discovery appears to be the push needed for the Wi-Fi Alliance to upgrade to a new standard.
WPA3’s Security Features
Besides addressing the KRACK vulnerability, the primary improvement in WPA3 is individualized data encryption. Public Wi-Fi under WPA2 is open and unencrypted. With WPA3, any data transmitted will be scrambled and more difficult for hackers to intercept.
Another feature addresses password security. Currently, hackers can make unlimited tries to guess your passwords through the open Wi-Fi lines. When WPA3 is onboarded, protections against suc “brute-force” attacks will be in place, and hackers will be blocked after a limited number of incorrect password attempts.
Internet of Things (IoT) devices will also get an added layer of protection. Most IoT devices don’t have security baked in, and many are difficult to add security to because they don’t have screens or keypads. With WPA3, users can use their screened devices, like phones, to configure security on IoT devices.
The Impact of WPA3
The Wi-Fi Alliance targeted mid-2018 as its rollout date. Its effectiveness depends on vendors and users upgrading their devices. New devices should support WPA3; look for information on packaging to determine if the device is WPA3 certified.
In-home routers also follow the standard. If you want WPA3 protections on your home wireless connection, you’ll have to upgrade your router. Otherwise, you’ll continue to be connected with WPA2 and hope that no one with access to your household network plans to hack your connection.
But if your favorite coffee shop has the new WPA3 router, check those emails and social media accounts without fear (but you’ll still want to follow safe practices when sharing information online and before clicking links in emails).