WPA3 encryption is here! Can it be used safely with all kinds of cool IOT devices?

In October 2017, the WPA2 security encryption protocol used to protect wireless routers and networked devices from being hacked was exposed to a security vulnerability called "KRACK". Android, Linux, Apple, Windows, OpenBSD, etc. are all affected! As soon as the news came out, a lot of people were shocked.

Especially for those enthusiasts who are keen on various smart devices, the more devices they own, the greater the possibility of being attacked by hackers.

In order to allow everyone to use WiFi and various cool IOT devices with greater confidence, Leifeng.com discovered that on Monday (January 8), an organization called the "WiFi Alliance" finally stood up and released a new security protocol called WPA3 at CES (International Consumer Electronics Show) where various technology companies and technology media gathered.

First, let's take a look at the "WiFi Alliance". Leifeng.com found that this organization is quite powerful. Its members include manufacturers, standardization organizations, regulatory agencies, service providers and operators. Apple, Samsung, Intel and others are all its members.

The Wi-Fi Alliance announced that it will popularize the more secure WPA3 encryption protocol starting at the end of 2018.

So, what security pain points will this new encryption protocol solve? Are the many IoT devices that are still using WPA2 compatible with the new protocol? Can WPA3 ensure security? Please follow Leiphone.com to find out.

What security pain points does the WPA3 protocol solve?

Compared with WPA2, what security improvements does the WPA3 encryption protocol have? Foreign media nakedsecurity summarizes the following four points:

1. Prevent hackers from brute force password cracking .

Regarding the issue of weak passwords, although hackers have taught us many bitter lessons, there are still "lazy people" who use them.

Often, the frantic security personnel are disappointed with the results, while the hackers who have been successful in their attempts are secretly pleased with themselves.

Regarding hacker attacks, the WiFi Alliance said that WPA3 can directly lock the number of multiple attempts to crack. In other words, when a hacker is found to have tried to log in to your device multiple times with passwords such as 12345 or ABCDEF, the encryption protocol will automatically block the login behavior.

Therefore, for those who cannot remember the password, when entering the WPA3 era, do not think that you will get the password right by trying a few more times. Even if the password you enter is correct after too many attempts, it will be considered a hacker attack and the account will be locked directly!

2. You can use mobile phones, tablets, etc. to set up smart devices more conveniently.

In other words, users can use their mobile phones or tablets to simply set up IoT devices without screens, such as smart speakers.

Liang Jiahui, the head of mobile security at Dingxiang (Zhai Zhai has confirmed that he is really not the actor himself~), explained to Leifeng.com that the main purpose of this move is to make it easier for users to control IoT devices.

For example, if you have just bought a new speaker without a screen, it would be troublesome if you want to connect it to the Internet. Now it can be easily supported by remote configuration. Among these options, there will be configurations such as which WIFI hotspot to connect to and what the password is. In the WPA2 era, these logics needed to be developed separately by R&D personnel. Now the WPA3 protocol has already done this part.

However, Tony Leung expressed his concerns about this update. He believes that as more and more IoT devices are connected to smartphones, the risk of exploitation of corresponding network security vulnerabilities will also increase.

3. Personalized data encryption.

The third feature is "Personalized Data Encryption," which is a feature that encrypts the connection between each device and the router or access point.

Leung prefers to think of this update as a "separate encryption key."

WPA3 can assign different encryption keys to different devices, thus effectively reducing the risk of attackers extracting passwords through packet capture, offline analysis, etc. This is something that WPA2 does not have.

4. Higher encryption standards are required.

The fourth feature is improved encryption standards, which the Wi-Fi Alliance describes as:

A 192-bit security suite, compatible with the National Security Systems Committee Commercial National Security Algorithms (CNSA) suite, will further protect wireless networks with higher security requirements, such as those used in government, defense and industrial networks.

Tony Leung explained that compared with the previous 128-bit encryption algorithm, WPA3 has increased the difficulty of encryption at the password level, which is a change in the underlying cryptographic technology. It will be more difficult for hackers to crack the password in the future.

Will there be compatibility issues?

Any new thing may encounter difficulties in adapting to the local environment, especially WPA3, which is closely related to the firmware itself.

To put it simply, this problem is the compatibility issue between old and new devices, although some devices in users' hands can be updated according to the manufacturer's arrangements to support the WPA3 security protocol.

However, Liang Jiahui pointed out that not all routers can support WPA3. Some very old routers can only support it by upgrading the hardware, which will cause some lag effects.

Although some IOT devices support WPA3, because the routers they are connected to are WPA2, security personnel still need to continue to protect against problems that arise with WPA2, so security issues related to WPA2 will still exist for quite some time.

Is using WPA3 safe?

Although WPA3 can effectively resist brute force attacks on weak IoT passwords and can provide some protection for devices that use plain text transmission, Liang Jiahui believes that the security issues of the firmware itself still require strict control by R&D personnel.

The "WiFi Alliance" stated that the popularization of WPA3 requires a process, at least 2 to 3 years. During this period, the impact of "KARACK" still needs to be seriously addressed.

For the majority of users, I suggest that you should not connect to Wi-Fi randomly. In addition to updating your router equipment in a timely manner, you should also pay more attention when surfing the Internet. Try to choose to visit secure websites and identify HTTPS sites. In this way, at least there is encryption on the website to protect your user data.

Reference sources: nakedsecurity, WiFi Alliance