Last October, before Intel’s Management Engine was completely broken and the Spectre and Meltdown exploits drove Intel’s security profile further into the ground, we had a problem with wireless networking. WPA2 was cracked with KRACK, the Key Reinstallation Attack. The sky isn’t falling quite yet, but the fact remains that the best WiFi security currently available isn’t very secure at all.
This week, at the Consumer Electronics Show in Las Vegas, the WiFi Alliance announced they would introduce security enhancements in 2018. While the press release doesn’t say whether this is a reaction to KRACK, the smart money says yes, this is indeed a reaction to KRACK.
Four new capabilities are outlined in the upcoming release of WPA3 this year. One feature will be protection for users who do not choose complex passwords. A second feature will simplify the process of configuring security on devices that have no display, ostensibly like that little button on your router that you’ve never pressed. The third feature will ‘strengthen user privacy in open networks’, while the fourth, the one we really care about, will add a 192-bit security suite which will ‘further protect WiFi networks with higher security requirements’.
While most devices currently in service should have a patch for KRACK by now, there will always be thousands of unpatched devices, because, really, who is in charge of the router at your local coffee shop? We’re not sure about the timing of the WiFi Alliance’s announcement of upcoming security improvements, which comes during CES when the entirety of the tech press is gawking at manned quadcopters and an endless variety of voice assistants. But we have to say better late than never.
By “thousands” I assume you mean “millions”.
You still see the occasional WEP network out there, and cracking that’s been trivial for what, a decade now? WPA3 has one hell of an up-hill battle ahead of it.
WPA2 is going to be around for a long LONG time…. after all, look how many people are affected by Spectre/Meltdown and don’t have any support anymore from manufacturers!
While Intel/AMD are patching at the CPU level, there are going to be _so_ many people with motherboards (and now maybe graphics cards it seems?) which will never get patched, and so many other devices such as phones / IoT devices which don’t even get looked at.
I know! Isn’t it great? :D
By “millions” I assume you mean “billions”. :-) There are at least 2 billion Android devices, and as fun as Android can be, system updates are always very thin on the ground. And this is before you count routers / PCs / TVs / Sat Boxes. This list goes on. :-D
Heck, I have about 40 Android devices, between the phones I have turned into cameras, Kodi boxes, and just the pile of phones and tablets that I have collected (or turned into clocks). Running 2.3, 4.1, 4.4, 5.0, 5.1, 6.0, and my newest one runs 7.1, so lots of systems that may never see an update. I am hoping to see some success on the Aftermarket OS. That would be cool.
How many are going to be unable to handle this upgrade?
Krack, Meltdown, Spectre…it’s enough to make you WannaCry!
+1
It makes my heartbleed.
With all these security holes coming out at once, I feel shellshocked!
… You know what THEYSAY all TOASTER toast TOAST
Everyone kNOWs this
Where does this image come from? a movie?
https://www.istockphoto.com/photos/hacker-girl?excludenudity=true&sort=mostpopular&mediatype=photography&phrase=hacker%20girl
They discluded nudity in the search? Bummer…
Shutterstock, with the title “Nonconformist Teenage Hacker Girl Attacks and Hacks Corporate Servers with Virus. Room is Dark, Neon and Has Many Displays and Cables.”
istockphoto, but yeah.
And why no balaclava? You can’t hack without a balaclava.
Wool hat w/ extra duck tape over the logo seems to keep her head warm enough for hacking.
Me? I need a balaclava _and_ mittens!
I prefer oven mitts myself.
I’d guess she’s trying to thwart AI-based facial recognition based on how badly she’d applied make-up in the shape of one of those eye covers for long airplane journeys mixed with the duct-tape covering any identifying clothing brand.
Then again, it looks like the PC across from her (the one we see) is running some kind of DSP program (a skinned version of JackCTL and Jack-Patch?) with a PCM/waveform window of a Digital Audio Workstation (DAW) stacked above the two JACK applets.
Then there are two xterm terminals with man pages stacked, someone in the production studio probably updated something where PulseAudio and SystemD broke their machine… By then, the producer saw a perfect typical “Hollywood hacker” scene and decided to shoot the scene there and then after switching the bulbs for LED-Blue color, chuck some steel pipes in the back and on the PC running an xmessage dialog box over the top of a third temporary xterm window (the xterm they ran the xmessage from)… All on a nicely dark themed WindowManager.
TL;DR: Hollywood trying to make their scenes more realistic.
https://imgs.xkcd.com/comics/background_screens_2x.png
And gloves, oh and ski goggles.
I hope they’re taking care of WPS. It’s so easy to crack and so many people have it enabled unknowingly.
What WPA/wifi *needs* is bidirectional authentication – APs should have private keys so that spoofing another AP isn’t just a matter of cloning its SSID and MAC. It should also be possible through similar means to allow people’s devices to probe for the existence of known networks without giving those networks’ ids away.
But that would suck for having multiple APs with the same SSID on purpose.
Lemme guess. WPA3 isn’t going to be backwards compatible with WPA2, and if you want to connect your old WPA2 devices to a fancy new router, you won’t be able to enable WPA3 on it?
I’m still trying to find the near-mythical WPA2 “Enterprise” addon or whatever for Palm OS 5. Dunno why Palm didn’t bother to put out a WPA2 update for all Palm OS 5 devices with WiFi.
Maybe because Palm hasn’t existed anymore for a few years? They went belly-up, were sold to HP, then HP ditched the name to some shelf company who has been saying they would do something with it for years.
WHOOOSH.