Your IT Consultant

Every Kick in the Ass is a Step Forward

January 10, 2018

I love that title. Recently, Bleeping Computer posted information about a newly announced Wi-Fi standard. Last year, WPA2 was discovered to have a vulnerability that could be compromised letting the bad guys eavesdrop on traffic between your computer and wireless access point. The WPA2 protocol uses a four way handshake to make sure both connection elements share the same encryption key. The KRACK attack focused on the handshake process. The Wi-Fi Alliance announced a new WPA3 standard to fix the weaknesses in WPA2, providing improved security and additional features.

Four new features are expected in WPA3. The first feature is preventing brute force attacks by blocking the Wi-Fi authentication process after several failed attempts. The second feature is the ability to configure a device without a screen by using a nearby Wi-Fi device such as a phone. I see this feature being utilized primarily for IoT devices (e.g. cameras, smart locks, etc.). The last two features are security features dealing with encryption. WPA3 will use "individualized data encryption." The last feature is an improved cryptographic standard.

It may take a while, but vendors are already scrambling to get the WPA2 replacement distributed as soon as possible. Expect to see WPA3 available in devices later this year.

E-mail: Phone: 703.359.0700
Digital Forensics/Information Security/Information Technology
https://www.linkedin.com/in/johnsimek
https://amazon.com/author/johnsimek
https://www.senseient.com