Fourteen Years Later, Wi-Fi Is Finally Getting the Security Facelift it Needs

DZone 's Guide to

Fourteen Years Later, Wi-Fi Is Finally Getting the Security Facelift it Needs

A security professional discusses a new vulnerability that has recently surfaced, and how improved WPA standards will help you fight it.

· Security Zone ·
Free Resource

It seems every year brings a new cybersecurity concern for businesses.

In 2016, employers across Europe and the U.S. couldn’t stop thinking about the global outbreak of an encrypting ransomware called Petya. And in the beginning half of 2017, those fears were quickly replaced by WannaCry, another ransomware attack that infected hundreds of thousands of computers, locking end-user systems with an encrypted key known only to the individual who launched the takeover.

Perhaps even more dangerous than Petya and WannaCry was the discovery of a significant security flaw affecting almost anyone with a device that secures Wi-Fi with WPA2, a protocol released in 2014. Prior to the deployment of WPA2, the Wi-Fi Protected Access (WPA) was launched in 2003 to protect devices equipped with Wi-Fi connections and to replace the original security standard, the Wired Equivalent Privacy (WEP).

Unlike the typical ransomware employed by hackers, this cyber risk is found within the WPA2 protocol, allowing malicious actors nearby to hijack connections and exploit unsuspecting Wi-Fi clients. Known as the Key Reinstallation Attack, or KRACK for short, this security vulnerability attacks the third step in the WPA2 four-way handshake whenever a computer or a program, also known as a client device, attempts to connect to a protected network. During step three of the handshake, an encryption key is negotiated between the client device and the access point but if the key isn’t acknowledged, the client may receive step three several times.

With the KRACK exploit, hackers can force replay transmissions from step three, capturing and manipulating encryption keys before they are resent and reinstalled on the client device. Unfortunately, this means any Wi-Fi network with WPA2 implementation is affected by the proof-of-concept attack. In response to the major security vulnerabilities created by KRACK, the Wi-Fi Alliance moved to deploy WPA2’s robust, more secure successor: WPA3.

A Safer Way to the Internet: How the WPA3 Protocol Brings Wi-Fi Users Peace of Mind

To protect data transmissions and internet users everywhere, the Wi-Fi Alliance rolled out three WPA2 upgrades and a brand new WPA3 protocol designed to bring advanced security to Wi-Fi networks. Security enhancements to WPA2 include greater authentication, data confidentiality, and a standardized cryptographic suite at 128-bit.

Above all, the introduction of WPA3 simplifies device security and makes it significantly harder for hackers to eavesdrop on data sent between clients and access points.

The WPA3 protocol strengthens cybersecurity in four different ways:

  1. Protection against brute force “dictionary” attacks. No matter how many reminders are given, people will continue to utilize weak passwords, increasing their vulnerability to simple brute force attacks. WPA3 eliminates the risks associated with weak passwords, strengthening protections even if users choose common words to secure their accounts by developing a new encryption handshake.
  2. Simplified security for Internet of Things (IoT) devices. Because sensors and other IoT devices are not limited to display interfaces, it can be tricky configuring security for these devices. New capabilities under the WPA3 protocol make it possible for clients to easily protect these devices using just their smartphones.
  3. Elevated encryption key requirements. Under the WPA2 protocol, encryption keys were set around 64-bit or 128-bit. WPA3 raises this requirement, standardizing a higher 192-bit security suite that is designed to support security-sensitive networks and is aligned with the Commercial National Security Algorithm.
  4. Secured public Wi-Fi through individualized data encryption. Unlike its predecessor, the WPA3 protocol offers individualized data encryption unique to every client. This new standard works to improve user privacy even in open networks, meaning hackers can’t passively monitor or eavesdrop network traffic on unsecured Wi-Fi hotspots.

While WPA3-compliant devices won’t hit the shelves until later this year, there are several things Wi-Fi users can do to protect themselves from the KRACK exploit. Employers should keep an eye on any employee devices that touch corporate data, for example, establishing a clearly defined bring-your-own-device (BYOD) policy. Android users, who were hit hardest by KRACK, are encouraged to install the latest software update package to patch the security flaw in devices running Android 6.0 and later.

In addition to exercising common sense when browsing online, other best practices for Wi-Fi users include:

  • Keeping their devices up to date with the latest software and security patches.

  • Switching to a wired ethernet or cellular connection whenever possible.

  • Establishing guest networks to redirect traffic from visitors away from personal or corporate networks.

  • Installing an HTTPS Everywhere extension to make internet browsing more secure.

  • Deploying a virtual private network (VPN) when using public hotspots to prevent hackers from intercepting network traffic.

Wi-Fi security flaws like KRACK are enough to alarm even the safest of Wi-Fi users — but it’s far from the last security risk we’re likely to see. Staying on top of the latest security patches and educating oneself about recent security threats can go a long way in combating future Wi-Fi vulnerabilities.

vpn ,security ,wi-fi security ,web security ,network security

Opinions expressed by DZone contributors are their own.

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}