Wi-Fi Security? It’s time. Wi-Fi Alliance launched WPA3. It will certainly ensure a higher CyberSecurity level and, as a consequence, it will benefit users both in terms of privacy and GDPR Compliance.
However, WPA3 does not make wireless networks hacker proof.
First of alla, let’s have a look together at the features and benefits of WPA3. Afterwards, we can analyze in detail the top vulnerabilities related to Wi-Fi.
[check-network-link-home]
WI-FI security: what is the WPA?
WPA stands for Wi-Fi Protected Access. Basically, it is a security standard which authenticates wireless devices through an AES (Advanced Encryption Standard) protocol. Namely, a block cypher algorithm that has been used for years as far as data privacy is concerned. WPA’s main purposes are:
- blocking third parties,
- avoiding the interception of incoming and outcoming wireless data.
Wi-Fi Security: the vulnerabilities of WPA2
Back in 2006, WPA2 replaced WPA and we are pretty confident that this third standard will be replaced as well. However, the real question is: why do we need to replace WPA2?
Because WPA2 is effective but it leaves our devices exposed to KRACK attacks. What is a KRACK attack? Basically, it is a kind of Cyberattack that aims at cracking and consequently destroying the protection granted by WPA2 to our Wi-Fi. Some researchers proved our point. They carried out a simulated attack with the methodologies described.
Of course, the producers of Wi-Fi Devices already knew this. This is why, during years, they tried to fix the issues when possible. This happened until the Wi-Fi Alliance – the no profit organization that tries to check and certify Wi-Fi Security standards with the specific purpose of getting a unified global standard – intervened.
WI-Fi Security: what’s new in WPA3?
Forcing WPA2 to retirement, WPA3 comes up with significant improvements in terms of configuration, authentication and encryption. The final objective, as we’ve previously seen, is to make KRACK attacks harder to implement.
To this end, WPA3 divides itself into two brand new security protocols:
- WPA3-Personal
- WPA3-Enterprise.
Obviously, the difference between them is: WPA3-Personal is about Wi-Fi for private use while WPA3-Enterprise is about Wi-Fi for companies.
[check-network-link-home]
WI-FI Security: an increased security level
Concretely, WPA3 offers:
- Protection of the system against brute-force attacks. What do we mean when we talk about brute-force attacks? It is an offline kind of attack which almost each one of us, at least once, carried out, not only as far as Wi-Fi is concerned. Basically it means trying all the possible combinations of passwords to get in. WPA3 empowers the system and makes it harder for thirs parties to crack your password. Here’s a little piece of advice: make your password difficult, the more random it is, the better.
- WPA3 Forward Secrecy. The brand new Security standard uses SAE (Simultaneous Authentication of Equals). This is a password authentication protocol just about the LAN Wireless (the local network we use every day) that offers Forward Secrecy. Forward Secrecy is a security feature that does not allow hackers and CyberCriminal to decrypt Wi-Fi traffic obtained with the password. This specific protocol makes sure that, even though the password has been previously compromised, it will remain confidential in the future. Putting it in simple words, if your Wi-Fi is under attack and you change your password, the Forward Secrecy protocol makes it impossible for the hacker to access even if the network has been previously compromised.
- Protection for public Wi-Fi networks. It is pretty boring to constantly ask for the Wi-Fi password when you are in a bar or a restaurant, isn’t it? But the truth is, if that Wi-Fi is protected, there must be a reason. As a matter of fact, public Wi-Fi networks are often not so safe. WPA3 works on this, actually it enforces the privacy of the users through an individual encryption of the data. Basically, encrypting the wireless traffic between the Wi-Fi access point and the single device. This operation significantly reduces the risk of Man-In-The-Middle (MITM) attacks. These attacks consist of a third person who puts himself in a conversation with the specific purpose of altering or recording it. Just to be clear, these attacks are the reason why Whatsapp introduced the end-to-end encryption.
- Advanced encryption for sensitive networks. The main target of this feature is corporate Wi-Fi: through WPA3-Enterprise you can encrypt your own Wi-Fi traffic ensuring protection to sensitive data.
WI-FI Security: Wi-Fi Easy Connect
Wi-Fi Alliance, in addition to WPA3, announced a feature that should arrive soon: Wi-Fi Easy Connect. Basically, this is an update that replaces the old WPS (Wi-Fi Protected Setup), the standard for the set up of safe connections on Wi-Fi network that turned out to be not so safe. Wi-Fi Easy Connect aims at semplifying the access: no more struggles to remember the password, scanning a QR code with your smartphone will be enough.
[check-network-link-home]
Now we know that our connections will be safer and safer in the future. However, future is the key word. While Wi-Fi Easy Connect will take some time, WPA3 is already here but it will take some time as well to have the devices that support it. Basically, this means that we need to keep on living with WPA2 and its vulnerabilities for some time. It will become mandatory in one year or so, in the meantime, always remember to protect your Wi-Fi with a sophisticated and effective password.
WI-FI Security: hacker proof?
WPA3, as we’ve seen before, obviously ensures a higher security level and a greater protection of users data. However, it is not hacker proof.
It is necessary to always consider the scenario, we need to constanly focus on the WLANs (Wireless Local Area Network).
Ensuring security by design and by default is key. Moreover it is crucial to avoid classic mistakes related to misconfigurations.
WI-FI Security: Top Vulnerabilities
Here we analyze the Top Vulnerabilities and Threats
Default configurations
One of the most exploited vulnerabilities by Criminal hackers consists of taking advantage of default configurations of systems and devices such as: operating systemass, routers, switches, …
Being aware of the default settings and passwords makes it too wasy for hackers. They could obtain the control of the device in a blink of an eye.
Access Point
Obviously, we are talking about Non Authorized Access Points. We have previously explained a Man In The Middle (MITM) attack. A non authorized access point is placed and configurated to accept beacons from legit access points. In the meantime, via broadcast it sends these beacons fooling the wireless devices. In this way, the non authorized access point will get the legit traffic. However, there is an easy way to limit this vulnerability: a correct configuration of the WLAN.
Endopoint
CyberAttacks often target directly the endpoints. There are several cases of well-known vulnerabilities related to devices. These vulnerabilities have their public exploits which are available for hackers and Cyber Criminals.
WI-FI Security: How can I protect myself?
- Make sure my WLAN is well designed;
- Change the default passwords of my systems;
- Change the default settings of my systems;
- Periodically carry out Vulnerability Assessment activities;
- Periodically carry out Network Scan activities;
- Keep the security patches of the devices updated;
- Constantly analyze the traffic;
- Define the Security Management policies and procedures.