What is ailing your Wi-Fi network and how the new standard can make it more secure
Password-protected Wi-Fi connections can also be hacked since they use almost a decade old technology
New Delhi: Open, or public, Wi-Fi networks are anything but secure. Since the data over an open connection is often unencrypted and unsecured, it leaves you vulnerable to a man-in-the-middle (MITM) attack. MITM, explains Symantec Corp., allows a cybercriminal to exploit security flaws in the network to intercept your sensitive information such as passwords and financial data.
However, password-protected Wi-Fi connections can also be hacked since they use the Wi-Fi Protected Access 2 (WPA2) security standard that is almost a decade old. In October 2017, for instance, security expert Mathy Vanhoef found a vulnerability afflicting the (four-way) handshake mechanism in WPA2. Called KRACKs (key reinstallation attacks), it tricks users to connect to a spoofed twin access point on another Wi-Fi channel by manipulating and replaying handshake messages. The handshake is used by WPA2 to negotiate a fresh sessions key every time a user wants to connect a device to the Wi-Fi access point. It is resent multiple times until the device is verified and the session key is installed.
Experts feel the recently released WPA3 security protocol is better equipped to handle KRACK-like vulnerabilities and dictionary attacks (breaking into password-protected computers or servers—in this case Wi-Fi networks—by entering every word in a the dictionary).
Since WPA2 was introduced more than a decade ago, it is ill-equipped to handle many of the modern-day challenges in Wi-Fi connectivity, believe security experts like Manab Mallick, technical head (India and SAARC) at Netgear, and Ritesh Chopra, director at Norton (a Symantec product) business in India.
They believe WPA3 is better suited to the task since it doesn’t rely entirely on a four-way handshake to enable encrypted connections.
Instead, it uses a more secure Simultaneous Authentication of Equals, which first negotiates a fresh Pairwise Master Key, and then uses it in a traditional four-way handshake to generate session keys. This ensures that even if attackers manages to intercept the packets, they won’t be able to decrypt the master key.
For users accessing public Wi-Fi networks shared by many, WPA3 offers Opportunistic Wireless Encryption (OWE), which encrypts all communication between an individual user and the Wi-Fi access points.
While the risk of getting tricked to connect to a fake Wi-Fi exists even in a WPA3-enabled network, OWE significantly reduces the risk of exposure online compared to WPA2, insists Venkat Krishnapur, vice-president of engineering and managing director at McAfee India. Moreover, WPA3 uses a 192-bit encryption system instead of the 128-bit encryption system used in WPA2, which means it will take longer to guess the correct security key.
While many device manufacturers will take a while to get WPA3-certified, users, too, will have to upgrade to compatible devices and routers. The upside: Your Wi-Fi network will be more secure.