Wi-Fi security WPA3 will save you from yourself




There are more Wi-Fi devices actively used in the world – about 9 billion – than human beings. This ubiquity makes protecting Wi-Fi from hackers one of the most important tasks of cybersecurity. That's why the arrival of WPA3, the next-generation wireless security protocol, deserves your attention: not only will it help keep Wi-Fi connections safer, but it will also help protect you from your own security failures.

It will take time to enjoy all the benefits of WPA3. The Wi-Fi Alliance, a trade group that oversees the standard, is publishing all the details today, but does not expect broad implementation until the end of 2019 at the earliest. In the course that WPA3 charts for Wi-Fi, however, security experts see critical, long-awaited improvements to a technology that you use more than almost any other.

"If you ask virtually any security guard, they will tell you not to use Wi-Fi or, if you do, to immediately add a VPN connection," says Bob Rudis, Data Manager at Rapid7. "Now Wi-Fi is becoming something where we can say, hey, if the place where you will be is using WPA3 and your device is using WPA3, you can practically use Wi-Fi at this point."

Password protection

Start with how WPA3 will protect you at home. Specifically, it will mitigate the damage that could result from your lazy password.

A fundamental weakness of WPA2, the current wireless security protocol that dates back to 2004, is that it lets hackers mount a so-called offline dictionary attack to guess your password. An attacker can take as many guesses as they want at your credentials without being on the same network, cycling through the entire dictionary, and beyond, in relatively short order.


"Let's say I'm trying to communicate with someone, and you want to be able to listen to what we're saying. In an offline attack, you can either stay there and capture an exchange or interact with me once. And then you can go, you can go elsewhere, you can launch a bunch of cloud services and you can try a brute-force dictionary attack without ever interacting with me, until you understand my password," says Kevin Robinson, a Wi-Fi Alliance executive.

This type of attack has limitations. "If you choose a 16-character or 30-character password, there's no way to solve it," says Joshua Wright, Senior Technical Analyst at Counter Hack, a computer security company. Chances are, however, you have not chosen this kind of password. "The problem is really the consumers who do not know better, where their password at home is their first initial and the name of their favorite car."

If this sounds familiar, please change your password immediately. In the meantime, WPA3 will protect against dictionary attacks by implementing a new key exchange protocol. WPA2 uses an imperfect four-way handshake between clients and access points to enable encrypted connections; that is what was at the root of the notorious KRACK vulnerability, which affected essentially every connected device. WPA3 will abandon this in favor of the more secure and widely vetted Simultaneous Authentication of Equals handshake.

There are a lot of technical differences, but the result for you is twofold. First, these dictionary attacks? They are essentially finished. "In this new scenario, every time you want to guess the password, to try to get into the conversation, you have to interact with me," Robinson says. "You get an estimate every time." Which means that even if you use your pet's name as a Wi-Fi password, hackers will be much less likely to take the time to crack it.

The other benefit comes in the event that your password is nevertheless compromised. With this new handshake, WPA3 supports forward secrecy, which means that any traffic that crossed your network before an intruder gained access remains encrypted. With WPA2, they can decrypt old traffic as well.
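The forward-secrecy difference described above, as an added example that is not part of the original article. The WPA2 side uses the standard PBKDF2 master-key and pairwise-key derivation; the forward-secret side is a plain ephemeral Diffie-Hellman stand-in with toy parameters, not WPA3's actual SAE handshake. The passphrase, SSID, MAC addresses and the `fs_session_key` helper are constructed for illustration.

```python
import hashlib, hmac, secrets

def wpa2_pmk(passphrase, ssid):
    # WPA2-Personal master key: fixed by the passphrase and SSID alone.
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def wpa2_ptk(pmk, ap_mac, sta_mac, anonce, snonce, length=48):
    # 802.11i PRF (HMAC-SHA1); every input except the PMK is sent in the clear.
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    blocks = [hmac.new(pmk, b"Pairwise key expansion\x00" + data + bytes([i]),
                       hashlib.sha1).digest() for i in range((length + 19) // 20)]
    return b"".join(blocks)[:length]

# Toy Diffie-Hellman parameters (assumption), chosen for brevity, not strength.
P, G = 2**255 - 19, 2

def dh_keypair():
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def fs_session_key(pmk, own_priv, peer_pub):
    # Hypothetical forward-secret derivation: the key depends on an ephemeral
    # secret that never crosses the air and is discarded after the session.
    shared = pow(peer_pub, own_priv, P).to_bytes(32, "big")
    return hmac.new(pmk, shared, hashlib.sha256).digest()

def compare(passphrase="jmustang", ssid="HomeNet"):  # constructed sample values
    pmk = wpa2_pmk(passphrase, ssid)
    ap, sta = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
    anonce, snonce = secrets.token_bytes(32), secrets.token_bytes(32)
    live_key = wpa2_ptk(pmk, ap, sta, anonce, snonce)
    # Later the passphrase leaks; a stored capture already holds MACs and nonces.
    replayed = wpa2_ptk(wpa2_pmk(passphrase, ssid), ap, sta, anonce, snonce)

    a_priv, a_pub = dh_keypair()
    b_priv, b_pub = dh_keypair()
    k_ap = fs_session_key(pmk, a_priv, b_pub)
    k_sta = fs_session_key(pmk, b_priv, a_pub)
    # A capture holds only a_pub and b_pub. Someone with the passphrase but
    # neither private value (here: a fresh one) derives a different key.
    outsider_priv, _ = dh_keypair()
    k_outsider = fs_session_key(pmk, outsider_priv, b_pub)
    return {"wpa2_old_key_recomputed": replayed == live_key,
            "fs_ends_agree": k_ap == k_sta,
            "fs_key_from_password_alone": k_outsider == k_ap}

if __name__ == "__main__":
    print(compare())
```
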

Safer connections

When WPA2 appeared in 2004, the Internet of Things had not yet become anything close to the all-consuming security horror that is its present-day hallmark. It is no wonder that WPA2 offered no simplified way to safely bring these devices onto an existing Wi-Fi network. In fact, the predominant method by which this process occurs today, Wi-Fi Protected Setup, has had known vulnerabilities since 2011. WPA3 provides a solution.

Wi-Fi Easy Connect, as the Wi-Fi Alliance calls it, makes it easier to get wireless devices that have no (or a limited) screen or input mechanism onto your network. Once it is activated, you simply use your smartphone to scan a QR code on your router, then scan a QR code on your printer, speaker or other IoT device, and you are set: they are securely connected. With the QR code method, you are using public key-based encryption to onboard devices that currently, for the most part, lack a simple and secure method of doing so.

"Right now, it's really difficult to deploy IoT things safely. The reality is that they do not have a screen," Rudis explains. Wi-Fi Easy Connect avoids this problem. "With WPA3, it automatically connects to a secure, closed network. And it will have the ability to lock these credentials, which will make it much easier to securely deploy multiple IoT devices."

Here again, the biggest advantage of Wi-Fi Easy Connect lies in its ease of use. This is not only safe; it's impossible to screw up.


That trend also plays out with Wi-Fi Enhanced Open, which the Wi-Fi Alliance detailed a few weeks ago. You've probably heard that you should avoid doing sensitive searches or entering data on public Wi-Fi networks. This is because with WPA2, anyone on the same public network as you can observe your activity and target you with intrusions like man-in-the-middle attacks or traffic sniffing. On WPA3? Not really. When you connect to a cafe's WPA3 Wi-Fi with a WPA3 device, your connection will be automatically encrypted without the need for additional credentials. It does this by using an established standard called Opportunistic Wireless Encryption.

"By default, WPA3 will be fully encrypted from the minute you start doing anything with respect to wireless network access," according to Rudis. "It's basically huge."

As with the password protections, WPA3's extended encryption for public networks also protects Wi-Fi users from a vulnerability that they may not realize exists. In fact, if anything, it may make Wi-Fi users feel too secure.

"The heart is in the right place, but it does not stop the attack," says Wright. "It's a partial solution. My concern is that consumers think that they have this automatic encryption mechanism because of WPA3, but this is not guaranteed. An attacker can spoof the identity of the access point, then disable this feature."

Activate

Even with the added technical details, talking about WPA3 is almost premature. While major manufacturers like Qualcomm have already committed to implementing it this summer, the entire ecosystem must adopt WPA3 before anyone can take full advantage of its many upgrades.

It will happen in time, just as with WPA2. And the Wi-Fi Alliance's Robinson says that backward interoperability with WPA2 will ensure that some additional security benefits are available as soon as the devices themselves are. "Even at the very beginning, when a user has a mix of features, if he has a WPA3 network, he can immediately activate a transition mode. All their WPA3-compatible devices will benefit from WPA3, and existing WPA2 devices will still be able to connect," says Robinson.

Lurking inside that assurance, however, is the reality that WPA3 will come at a literal cost. "The thing is, everyone has to buy a brand new one," says Rudis. "But at least it sets the framework for a much more secure configuration than we have now."

Equally important, this framework is based primarily on solutions that security researchers have already had the chance to poke and prod for holes. This has not always been the case.

"Five years ago, the Wi-Fi Alliance created its own protocols in secret, without disclosing details, and it turns out that some of them have problems," says Wright. "Now they are adopting more and more known and tested and validated protocols in which we have a lot more confidence, and they are not trying to hide the details of the system."

Which makes sense. When you secure one of the most used technologies on Earth, you do not want to leave anything to chance.

