Could A New Security Standard Fix WiFi Worries?

WPA3, the third generation of WiFi Protected Access, will make wireless networks more secure

In the many areas of the world, WiFi has become an expected service. Coffee shops, pubs and even buses offer WiFi networks for their customers. Between 2015 and 2020, the total number of global public WiFi hotspots is expected to grow sevenfold. An exponential increase in wireless connectivity began in 1997 when WiFi first became commercially available. Now, when you visit somebody else’s house, you’re just as likely to ask for the WiFi password as you are a cup of tea. However, the more WiFi networks there are, there greater the security risks become. How will WPA3 negotiate these risks?

Home is where the WiFi hub is

Wireless security has become even more prominent as more individuals and organisations switch from wired alternatives. Cheap, accessible wireless connectivity has been a blessing for many organisations, saving them the cost of wiring buildings. But with more networks have come more opportunities for exploitation. As WiFi adoption grew in the early 2000s, so too did the trend of ‘war driving’. War drivers aim to find WiFi networks and infiltrate them, often just to see if they can. War driving may not always be malicious, but it highlighted the vulnerability of WiFi networks. For organisations that transmit sensitive information, the need to improve security became clear.

In 1999, the Wi-Fi Alliance was set up to certify WiFi enabled devices. The current widespread standard, WPA2, was launched in 2004 to improve both personal and enterprise networks via encryption. Then, late last year, Key Reinstallation Attacks (better known as Krack Attacks) threatened to make WPA2 obsolete. In a Krack attack, a hacker makes a copy of a vulnerable network. Instead of reaching the legitimate network, devices connect to the copy. Any network is susceptible to this form of attack, allowing the hacker to eavesdrop on, or exploit important data… Think card details, addresses, passwords, photos and conversations. This is bad enough for an individual, but from a business perspective it can be catastrophic.

Is WPA3 worth it?

WPA3 is the Wi-Fi Alliance’s answer to the security concerns associated with existing networks. It has a dual focus: personal and enterprise. One new personal protocol is individualised data encryption, which requires passwords from those using open WiFi. Another is Simultaneous Authentication of Equals, which establishes a secure key between devices. For enterprise, WPA3 promises cryptographic strength equivalent to 192 bits. This is hoped to provide more protection against third party influences. In other words, WiFi users will be able to use wireless networks – open ones in particular – without the constant worry of eavesdropping, impersonation or malware attacks.

WPA3 definitely sounds beneficial, but it isn’t going to come cheap. Manufacturers will have to upgrade their existing devices to support the standard, which will mean changing their production methods. Households with WiFi may also need to buy a new, WPA3 supported router. The success of WPA3 therefore depends on the willingness of corporates and consumers to recognise that current security standards may be inadequate.

As connectivity evolves, so must the security protocols that govern it. Ultimately, the successful and rapid adoption of WPA3 rests on cost and interoperability. Although the Wi-Fi Alliance states that the next generation WiFi security will be compatible with WPA2 devices, eventually the old standard will need to be phased out. Upgrades, though necessary, are unlikely to be free. Privacy comes at a price, and if you can’t pay then your data remains at risk. However, now that cybersecurity is topping boardroom agendas, companies are likely to support WPA3 adoption. This could lead to initiatives for customers, and smooth out the transition. Until then, WiFi users will have to rely on simple tactics such as using authentic HTTPS sites, avoiding open WiFi networks, and sheer luck.

To read more about data protection and security, sign up for our newsletter here.