{"id":11091,"date":"2018-01-12T10:10:47","date_gmt":"2018-01-12T18:10:47","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2018\/01\/12\/news-4862\/"},"modified":"2018-01-12T10:10:47","modified_gmt":"2018-01-12T18:10:47","slug":"news-4862","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2018\/01\/12\/news-4862\/","title":{"rendered":"WPA3 will secure Wi-Fi connections in four significant ways in 2018"},"content":{"rendered":"

Credit to Author: Malwarebytes Labs| Date: Fri, 12 Jan 2018 17:30:00 +0000<\/strong><\/p>\n

CES, the annual consumer electronics extravaganza in Las Vegas, isn\u2019t just a showcase for virtual reality and poorly-timed power outages<\/a>. It\u2019s also an opportunity to get a peek at the future of network security.<\/p>\n

That\u2019s why on the first day of CES, the Wi-Fi Alliance announced the newest security protocol for Wi-Fi devices: WPA3<\/a>. The new protocol is the most significant upgrade to Wi-Fi security since WPA2 was ratified in 2004<\/a>.<\/p>\n

Details are thin, but the announcement outlined four new security capabilities that will protect wireless connections in the years to come.<\/p>\n

1. Protection against brute force \u201cdictionary\u201d attacks<\/h3>\n

Despite a generation of irritated admins requesting that users choose stronger passwords, the most popular passwords are still common words like \u201cpassword\u201d or \u201cfootball.\u201d That makes networks vulnerable to simple brute force attacks that systematically submit every word in the dictionary as a password. Online tutorials of this Wi-Fi hack<\/a> are trivially easy to find.<\/p>\n

WPA3 should make that issue a thing of the past by \u201cdelivering robust protections even when users choose passwords that fall short of typical complexity recommendations.\u201d Some security experts have speculated<\/a> that this refers to a type of key exchange called Dragonfly. According to the Internet Engineering Task Force<\/a> (IETF), Dragonfly \u201cemploys discrete logarithm cryptography to perform an efficient exchange in a way that performs mutual authentication using a password that is probably resistant to an offline dictionary attack.\u201d<\/p>\n

2. Easier Internet of Things (IoT) security<\/h3>\n

WPA3 promises to \u201csimplify the process of configuring security for devices that have limited or no display interface.\u201d That\u2019s a nod to the growing number of devices that are enhanced by network connections, such as smart door locks, home personal assistants, and (apparently) toothbrushes<\/a>.\u00a0Since IoT devices rarely have a graphical interface, it\u2019s difficult to configure them for optimal security. You can\u2019t type a password directly on a toothbrush, after all. This can naturally lead to less secure connections and vulnerable devices. Hackers could, for example,\u00a0access your smart speakers and play whatever audio they want in your living room<\/a>.<\/p>\n

The Wi-Fi Alliance hasn\u2019t yet offered details on how WPA3 overcomes this challenge. But researchers have successfully enhanced security on IoT devices by configuring them with a smartphone<\/a>.<\/p>\n

3. Stronger encryption<\/h3>\n

WPA2 requires a 64-bit or 128-bit encryption key. But WPA3 uses a stronger standard: 192-bit encryption and alignment with the Commercial National Security Algorithm (CNSA) Suite. This promises consumers the kind of beefier security that’s currently used to protect governments and corporations.<\/p>\n

4. Secure public Wi-Fi<\/h3>\n

Public Wi-Fi connections, like the kind you might use in a coffee shop or library, are always less secure than private ones. That\u2019s partly due to the inherent security limitations of open wireless networks, and party due to the fact that librarians and coffee shop owners aren\u2019t typically network security masters<\/a>. The new standards promise to \u201cstrengthen user privacy in open networks through individualized data encryption.\u201d Though the announcement doesn\u2019t offer specifics on how that will be achieved.<\/p>\n

Curiously, during its CES announcement, the Wi-Fi Alliance made no mention of KRACK<\/a>, the vulnerability in WPA2 that impacted all Wi-Fi devices. However, Mathy Vanhoef, the researcher who discovered the vulnerability, wrote several enthusiastic tweets<\/a> about WPA3.<\/p>\n

\"WPA3\"<\/p>\n

In one, he speculates that WPA3 will include Opportunistic Wireless Encryption<\/a>. This enables connection on an open network without a shared and public Pre-Shared Key (PSK).\u00a0That\u2019s important because a PSK can give hackers easy access to the Traffic Encryption Keys (TEKs), thus allowing them access to a data stream. In other words, the new protocol should help prevent hackers from snooping on your web browsing while you\u2019re at Starbucks.<\/p>\n

Before we start to see the benefits of WPA3, the Wi-Fi Alliance has to certify hardware that uses the security protocol. So there\u2019s no telling when people can start enjoying the enhanced security protections. But you shouldn\u2019t be surprised if you start seeing devices that use the new protocol later this year.<\/p>\n

Guest post by\u00a0<\/em>Logan Strain, author for Crimewire<\/a>
<\/em>Father, writer, and reformed Usenet troll. Lives in San Diego. Doesn\u2019t surf, but should learn.
Follow Logan on Twitter\u00a0@LM_Strain<\/a><\/em><\/p>\n

The post WPA3 will secure Wi-Fi connections in four significant ways in 2018<\/a> appeared first on Malwarebytes Labs<\/a>.<\/p>\n

https:\/\/blog.malwarebytes.com\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

Credit to Author: Malwarebytes Labs| Date: Fri, 12 Jan 2018 17:30:00 +0000<\/strong><\/p>\n\n\n\n
<\/a><\/td>\n<\/tr>\n
At CES this week, the Wi-Fi Alliance announced WPA3, the newest security protocol for Wi-Fi devices. WPA3 includes four new security capabilities and is the most significant upgrade to Wi-Fi security since 2004.<\/p>\n

Categories: <\/p>\n