The Wi-Fi Alliance, with members including Apple, Dell Technologies, Intel and Microsoft, is rolling out WPA3, its replacement for WPA2, to help mitigate the risk of open Wi-Fi networks, according to the organization's announcement. The protocol is expected to emerge later this year.
WPA2 is an industry-wide standard of safety put in nearly all devices with wireless capability, but it is nearly 20 years old, reports ZDNet. WPA2 used a four-way handshake to access a network, but the newer version has a more resilient handshake, "which will not be vulnerable to dictionary attacks," a method of infiltrating a computer's network through password generating, Mathy Vanhoef, a computer security academic, told ZDNet.
Wi-Fi Alliance announced several changes, including a configuration responsible for ensuring security even with weak password standards, which will "simplify the process of configuring security for devices that have limited or no display interface." Other features are for "individualized data encryption" and amplified protection on Wi-Fi networks "with higher security requirements," according to the Alliance.
WPA2 is riddled with decade-old vulnerabilities. Cyberthreats have grown in both variety and frequency over the last few decades, and the current state of WPA2 simply does meet the new level of security standards.
In October, the KRACK Wi-Fi vulnerability left users scrambling. Researchers found that if a malicious actor was in range of a Wi-Fi network, they would be able to perform reinstallation attacks, putting personally identifiable information at risk. Companies including Google and Microsoft issued patches for the security hole, although there was no concrete evidence it was exploited.
Though WPA3 is set to provide stronger protection for Wi-Fi users, it highlights the larger issue of the BYOD models many businesses are adopting. With mobile devices, employees are free to work remotely, but without sufficient protection, company data could be at risk.
Companies have time to prepare for the new version of WPA, and next generation devices will likely be WPA3 compatible.
It is required to have WPA3 on devices, and IT departments are responsible for the update. Wi-Fi Alliance ensured that WPA3 will have "backward compatibility," so companies do not have worry about a complete overhaul of older devices.