With WPA3, Wi-Fi Security Is Improving but It’s Not Airtight
As anyone working in IT Security knows, Wi-Fi connectivity is a double-edged sword. Our modern, mobile workforce uses Wi-Fi (along with cellular) in ways that make businesses more productive, efficient and profitable than few could have imagined a couple of decades ago. But, since its inception late in the last century, Wi-Fi has always had security issues.
Continual improvement in Wi-Fi security protocols, most recently the advent of WPA3 encryption, is good news for most security professionals because Wi-Fi has become the default method of data transport onto most enterprise networks and is now mission-critical to operations. But most security executives generally view Wi-Fi as less secure than today’s standard 4G, LTE and early 5G cellular connections.
As organizations deploy more applications and data to devices every day, the networks that support this increased traffic load need major design and infrastructure considerations to ensure corporate data protection in the future.
Mobility managers realize that Wi-Fi security issues will directly and negatively impact both end-user communities and business operations. This includes the downtime needed to patch infrastructure devices such as wireless controllers and access points to further prevent network attacks.
The Wi-Fi Alliance is the worldwide network of companies working diligently to make Wi-Fi one of the world’s most valued and widely used technologies. It sets international security protocols and certification programs—or Wi-Fi Protected Access (WPA) standards—for user authentication and data encryption. Different WPA versions and protections are based on the target end user and the encryption protocol used. As the security landscape evolves, updated protocols and standards are released to combat newly discovered vulnerabilities.
In 2018, the Wi-Fi Alliance launched its latest security protocol upgrade—WPA3 (for a good history of previous protocols, read this). Among numerous updates and upgrades, WPA3 offers enterprises simplified authentication methods and a 192-bit security suite that aligns with the CNSA Suite currently protecting government agencies and industries that require more stringent security measures.
WPA3 not only adds components such as increased cryptographic strength, but simultaneously eliminates WPA2’s not-so-secure legacy protocols. WPA3 also adds new enterprise-grade authentication methods to help organizations address sensitive data protection needs. Here are three examples that show how this new Wi-Fi security standard helps:
- The old ways of WPA2 relied on handshakes—a.k.a. passcodes and/or phrases—to authenticate devices before allowing them to access a network. In 2017, a vulnerability known as “KRACK” uncovered and took advantage of a recent exploit that permits Wi-Fi network access even without these credentials. WPA3 is designed to prevent these attacks by implementing more rigorous protections that restrict network access in any scenario where a user’s passcode or phrase falls short of minimal enterprise security requirements.
- Wi-Fi networks don’t always require users to connect with a password, and these unencrypted networks can and will be used by many to target unprotected data. WPA3 is designed to protect users connected to these open, publicly accessible networks.
- Processes to connect devices without a screen (like IoT devices) to Wi-Fi networks are costly and time-consuming. Most devices require an additional application, if not an entirely unique, specialized process. In the future, WPA3 could provide an easier method for making this task possible. Perhaps even something as simple as a “press this button to connect” option.
While WPA3 is a significant step forward, it has shown vulnerabilities in its first year of activity. WPA3’s handshake process (nicknamed Dragonfly) has been affected by password partitioning attacks, which can allow network attackers to steal passcodes and phrases under the right conditions using side-channel attacks.
Even with patches, some technologies still lack the ability to enforce WPA3 standards unless the network infrastructure they’re connected to also supports this updated protocol. This lack of updated connectivity and compatibility has the potential to create security gaps and decreased enterprise adoption of WPA3-enabled technologies.
For optimal security, managers should keep all network hardware updated with the most current and advanced security patches available to ensure all vulnerabilities can be identified and resolved. Two best security practices that enterprises can employ are:
- Utilization of Unified Endpoint Management (UEM) consoles for device management, identity, and deployment.
- Implementation of Mobile Threat Defense (MTD) solutions to protect against integration risks with enterprise networking companies like Cisco, Aruba, and Aerohive.
At the end of the day, all security professionals should stay informed of new technology advances that will continue to change the Wi-Fi landscape. For example, Wi-Fi 6 (802.11ax)—which aims to increase Wi-Fi speeds much like 5G—is projected to super-charge cellular data speeds and revolutionize the future of enterprise technology.