World News – Three months after a vulnerability called Krack exposed critical weaknesses in the systems that keep Wi-Fi secure, the industry group responsible for Wi-Fi said a new generation of easier-to-use and harder-to-break security will be introduced this year.
The Wi-Fi Alliance — a consortium of tech giants that includes companies like Apple, Microsoft, Cisco and Intel — said in a statement timed for the opening of the annual Consumer Electronics Show that the new generation of the Wi-Fi Protected Access encryption protocol, called WPA3, would harden the connection between users’ devices and Wi-Fi routers.
The current Wi-Fi standard, WPA2, has been around for almost 15 years. (You’re probably using WPA2 on the computer or phone you’re using to read this.) WPA2 has been remarkably robust, but the discovery of the Krack vulnerability in October — showing that today’s Wi-Fi is completely hackable — made it clear that its time is running out.
The alliance disclosed few technical specifics — those will come in a public draft later in the year — but it said WPA3 will protect against Krack by default and will be easier to set up and use, especially on screenless devices, like smartwatches and connected-home systems, such as “smart” thermostats and refrigerators.
It will even protect users who choose simple passwords that are easy to crack by entering random words over and over, a strategy that’s called a “dictionary attack.”
“Finally, WPA3!! It will include a more secure handshake,” Mathy Vanhoef, the Belgian university researcher who discovered the Krack vulnerability, said on Twitter. “That means dictionary attacks no longer work.”
And it will make it much harder for hackers to snoop on your connection to a public Wi-Fi hotspot — the often-unsecured free public connections offered by libraries, businesses and hotels — by setting a unique encrypted data channel for each individual user on a network, according to the alliance.
WPA2, the current standard, isn’t going away. WPA3 will likely require newer hardware and software, meaning it will take time for it to reach industry-wide use. In the meantime, the Wi-Fi Alliance said, WPA2 will continue to be maintained and improved, starting with new tests for badly configured networks.
“Wi-Fi security technologies may live for decades, so it’s important they are continually updated to ensure they meet the needs of the Wi-Fi industry,” Joe Hoffman, director of Wireless Connectivity and Machinomics for the British technology analytics company SAR Insight & Consulting, said in the Wi-Fi Alliance statement.
by ALEX JOHNSON, NBCNews.com