Slashdot Mirror

← Back to Stories (view on slashdot.org)

With WPA3, Wi-Fi Security is About To Get a Lot Tougher (zdnet.com)

Posted by msmash on from the next-up dept.

One of the biggest potential security vulnerabilities -- public Wi-Fi -- may soon get its fix. From a report: The Wi-Fi Alliance, an industry body made up of device makers including Apple, Microsoft, and Qualcomm, announced Monday its next-generation wireless network security standard, WPA3. The standard will replace WPA2, a near-two decades-old security protocol that's built in to protect almost every wireless device today -- including phones, laptops, and the Internet of Things.

One of the key improvements in WPA3 will aim to solve a common security problem: open Wi-Fi networks. Seen in coffee shops and airports, open Wi-Fi networks are convenient but unencrypted, allowing anyone on the same network to intercept data sent from other devices. WPA3 employs individualized data encryption, which scramble the connection between each device on the network and the router, ensuring secrets are kept safe and sites that you visit haven't been manipulated. Further reading: WPA3 WiFi Standard Announced After Researchers KRACKed WPA2 Three Months Ago

3 of 121 comments (clear)

  1. Eh? by ledow · · Score: 5, Interesting

    "One of the key improvements in WPA3 will aim to solve a common security problem: open Wi-Fi networks. Seen in coffee shops and airports, open Wi-Fi networks are convenient but unencrypted, allowing anyone on the same network to intercept data sent from other devices. WPA3 employs individualized data encryption, which scramble the connection between each device on the network and the router, ensuring secrets are kept safe and sites that you visit haven't been manipulated"

    Sure. But your computer will still not know that the CoffeeShop SSID that they're connecting to was the one the shop set up, though, will they? There's no exclusivity for SSIDs and if there was, it'd be a denial-of-service opportunity.

    Once connected, and a secret shared, yes. But with no password the initial connection is still giving people a chance to shove you on THEIR connection rather than the one you think, and then you can be WPA3-authenticated to them rather than what you thought without having a clue.

    1. Re:Eh? by VeryFluffyBunny · · Score: 4, Interesting

      But your computer will still not know that the CoffeeShop SSID that they're connecting to was the one the shop set up, though, will they?

      Yes, this. Public Wifi needs something like unique domain names with signed certificates from an independent authority so that people know what they're connecting to and can be warned if it's insecure and therefore unsafe.

      --
      Debate is a form of harassment. Do not question my truth.
  2. Re:Better, but not best. by ledow · · Score: 3, Interesting

    Indeed. I used to VPN over my internal Wifi that only I knew the password for.

    WEP was cracked? Didn't matter.
    VPN software was cracked? Didn't matter.
    WPA was cracked? Didn't matter.

    So long as they aren't ALL cracked at the same time, you're safe. And there was no measurable latency or other additions, but full end-to-end verification and encryption, TWICE. I used to game CS over it.

    Give yourself enough layers and you don't have a window where you're vulnerable to compromise, whereas everyone just reliant on "WPA2 being secure" does. This gives you time to update, replace hardware, change settings, test if you're vulnerable, etc.