WPA3 is the new standard for Wi-Fi encryption. The new specification was launched in 2018 and should make Wi-Fi even more secure.
The same applies to Wi-Fi as to any other IT infrastructure: companies and private individuals need to encrypt their wireless network to protect it from hackers. With this in mind, the Wi-Fi Alliance (WFA) defined the WPA (Wi-Fi Protected Access) standard in 2003. Its successor, WPA2, was launched in 2004. For many years it was considered to be absolutely secure, until researchers discovered the KRACK attack method (Key Reinstallation Attack) in 2017, which enabled data packets to be decrypted. In response, the WFA developed a successor – WPA3 – in 2018. Nevertheless, WPA2 devices can still be operated securely with up-to-date patches and a strong password. But WPA3 increases the level of Wi-Fi security even further.
Weaknesses of WPA2
But let’s return to the KRACK method, which attackers use to exploit the weaknesses of WPA2 – if they are physically located close enough to their potential victim. A “four-way handshake” is used to establish an encrypted connection between the Wi-Fi access point and the relevant client (smartphone, laptop, IoT device etc.) via WPA2. This ensures that both endpoints are using proper login information and exchange the master key which enables the data to be encrypted. For WPA2, this is generally generated using the secret Wi-Fi password – which verifies both the access point and the Wi-Fi client – and the name of the Wi-Fi (SSID). The latter is public.
The master key forms the basis for all other keys which are used to transmit encrypted data in each individual Wi-Fi session. The handshake process establishes a new encryption key for every connection, enabling rapid logins. But the handshake is only safe as long as this key is used only once. To ensure this, WPA2 uses a nonce (number used once), which changes with each key used.
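The key hierarchy described above, as an added example that is not part of the original article: the master key (PMK) is derived from the password and the SSID with PBKDF2, and the IEEE 802.11 PRF expands it into a fresh key block for every handshake. The passphrase, SSID and MAC addresses in the demo are constructed values, and `new_session` is a hypothetical helper.

```python
import hashlib
import hmac
import os

def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA2-Personal master key: PBKDF2-HMAC-SHA1, 4096 rounds, 32 bytes.
    The secret passphrase is the password input, the public SSID is the salt."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def derive_ptk(pmk: bytes, ap_mac: bytes, sta_mac: bytes,
               anonce: bytes, snonce: bytes, length: int = 48) -> bytes:
    """IEEE 802.11 PRF: expand the master key into one session's key block
    (for CCMP: 16-byte KCK, 16-byte KEK, 16-byte temporal key)."""
    context = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
               + min(anonce, snonce) + max(anonce, snonce))
    block = b""
    counter = 0
    while len(block) < length:
        msg = b"Pairwise key expansion\x00" + context + bytes([counter])
        block += hmac.new(pmk, msg, hashlib.sha1).digest()
        counter += 1
    return block[:length]

def new_session(pmk: bytes, ap_mac: bytes, sta_mac: bytes) -> bytes:
    """Hypothetical helper: one handshake, each side adds a fresh random nonce."""
    return derive_ptk(pmk, ap_mac, sta_mac, os.urandom(32), os.urandom(32))

if __name__ == "__main__":
    # Constructed sample values: passphrase, SSID and MAC addresses are made up.
    pmk = derive_pmk("correct horse battery staple", "ExampleNet")
    ap, sta = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
    print("PMK      :", pmk.hex())
    # Bytes 32..47 of the key block are the temporal key that encrypts data.
    print("session 1:", new_session(pmk, ap, sta)[32:].hex())
    print("session 2:", new_session(pmk, ap, sta)[32:].hex())
    # Same passphrase on a different SSID gives a different master key.
    print("other net:", derive_pmk("correct horse battery staple", "OtherNet").hex())
```

The master key is the same for every session on a given network, while the temporal key changes with each handshake because both nonces are fresh.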
It is this single-use requirement that the KRACK attack method homes in on. It manipulates the handshake so that an already-used key can be used again, by intercepting the receipt confirmations of the Wi-Fi client. The client believes that the data packets have been lost and resends them. This results in a reset. The nonce is reset to its previous value and the key is reinstalled: i.e. the key is reused. Hence the name Key Reinstallation Attack (KRACK).
Now attackers can eavesdrop on the data traffic and, for example, start brute force attacks to discover the secret Wi-Fi password and, consequently, the master key too. They try out numerous combinations or work through automated password lists (dictionary attacks). Thanks to KRACK, hackers are also in a position to access usernames and passwords, as well as the data saved on the devices. In the worst case, they are able to bypass the encryption completely. To prevent this, users should install the latest patches or communicate via a VPN tunnel – or rely on the WPA3 standard introduced in 2018.
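Why the nonce reset matters and what a patched client does differently, as an added example that is not part of the original article. The `Client` class is a hypothetical, heavily simplified model; HMAC-SHA256 stands in for the AES counter mode of CCMP, and the key and frame contents are constructed.

```python
import hashlib
import hmac

def keystream(tk: bytes, pn: int, length: int) -> bytes:
    """Stand-in for CCMP's AES counter mode (assumption: HMAC-SHA256 as the PRF)."""
    out, block = b"", 0
    while len(out) < length:
        out += hmac.new(tk, pn.to_bytes(6, "big") + bytes([block]), hashlib.sha256).digest()
        block += 1
    return out[:length]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

class Client:
    """Hypothetical, heavily simplified Wi-Fi client key state."""
    def __init__(self, patched: bool):
        self.patched, self.tk, self.pn = patched, None, 0

    def install_key(self, tk: bytes) -> None:
        # Patched behaviour: a key that is already installed is not installed
        # again, so the packet number (the nonce) is never wound back.
        if self.patched and tk == self.tk:
            return
        self.tk, self.pn = tk, 0

    def send(self, plaintext: bytes):
        self.pn += 1
        return self.pn, xor(plaintext, keystream(self.tk, self.pn, len(plaintext)))

def replayed_handshake(patched: bool, p1: bytes, p2: bytes):
    """Send p1, process the key-installing handshake message again, send p2."""
    tk = bytes(range(16))            # constructed session key
    client = Client(patched)
    client.install_key(tk)
    f1 = client.send(p1)
    client.install_key(tk)           # retransmitted message is processed again
    f2 = client.send(p2)
    return f1, f2

def nonce_reused(frames) -> bool:
    """Detection check: a packet number must never appear twice under one key."""
    pns = [pn for pn, _ in frames]
    return len(pns) != len(set(pns))

if __name__ == "__main__":
    p1, p2 = b"GET /login HTTP/1.1", b"Cookie: session=abc"   # constructed frames
    for patched in (False, True):
        f1, f2 = replayed_handshake(patched, p1, p2)
        leak = xor(f1[1], f2[1]) == xor(p1, p2)
        print(f"patched={patched} nonce_reused={nonce_reused([f1, f2])} xor_leak={leak}")
```

With the unpatched client both frames are encrypted with the same keystream, so the XOR of the two ciphertexts equals the XOR of the two plaintexts; the patched client keeps counting and the relation disappears.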
WPA3 closes the gaps
WPA3 closes the KRACK security vulnerabilities by replacing the four-way handshake with an improved procedure called Simultaneous Authentication of Equals (SAE). One of the new features here is simultaneous authentication. Whereas, up until now, only the Wi-Fi client needed to be authenticated by the Wi-Fi base station (but not the other way round), now the Wi-Fi base station also needs to authenticate itself. Another feature of SAE is that the secret Wi-Fi password and the encryption key are no longer transmitted between the client and the Wi-Fi base station. That means attackers have less room for manoeuvre, as they are not able to manipulate and record the data transfer. This means that subsequent brute force attacks to find the password and master key no longer make sense either.
What’s more, WPA3 excludes unsafe encryption protocols and hashes such as TKIP (Temporal Key Integrity Protocol) and MD5. Protected Management Frames (PMF), which were optional for WPA2, are compulsory for WPA3. PMF also encrypts the management information, transferred via Wi-Fi, that is used to establish and operate data connections. Other advantages of SAE are that the method uses a stronger 192-bit encryption as a minimum (previously 128-bit), and that it uses Perfect Forward Secrecy (PFS) to ensure attackers cannot subsequently decrypt recorded messages, even if they have the Wi-Fi password.
Prerequisites for WPA3 and manufacturers
Wi-Fi routers and clients which use the latest Wi-Fi 6 (802.11ax) standard are already equipped with WPA3, if the devices are certified by the Wi-Fi Alliance. A firmware or driver update is needed to update routers with 802.11ac (Wi-Fi 5) to WPA3. In order for WPA3 to work, the devices and their operating systems must support the standard.
- Windows 10 supports WPA3 from version 1903; however, the driver for the Wi-Fi module also needs to be compatible with the new standard.
- Apple devices support WPA3 from macOS Catalina 10.15 upwards, or from iOS 13.
- Android smartphones need at least Android 10. However, not every smartphone or tablet model supports WPA3. This depends on the manufacturer.
WPA3 is backwards compatible and, in principle, can be implemented relatively simply for existing Wi-Fi devices via a firmware update. This depends on the relevant manufacturer. For example, AVM has made its Fritz!Box models WPA3-capable from the Fritz-OS 7.20 version upwards. If a router supports WPA3, users will find the appropriate option under Settings. The Wi-Fi Alliance website also offers guidance with its Product Finder. A keyword search for “WPA3” will show which devices currently support the new encryption standard. Those buying certified Wi-Fi devices equipped with Wi-Fi 6 from Cisco, Juniper and similar providers are certainly on the safe side. These all support WPA3.