Last October, before Intel’s Management Engine was completely broken and the Spectre and Meltdown exploits drove Intel’s security profile further into the ground, we had a problem with wireless networking. WPA2 was cracked with KRACK, the Key Reinstallation Attack. The sky isn’t falling quite yet, but the fact remains that the best WiFi security currently available isn’t very secure at all.
This week, at the Consumer Electronics Show in Las Vegas, the WiFi Alliance announced they would introduce security enhancements in 2018. While it’s not said in the press release if this is a reaction to KRACK, the smart money says yes, this is indeed a reaction to KRACK.
Four new capabilities are outlined in the upcoming release of WPA3 this year. One feature will be protection for users who do not choose complex passwords. A second feature will simplify the process of configuring security on devices that have no display, ostensibly like that little button on your router that you’ve never pressed. The third feature will ‘strengthen user privacy in open networks’, while the fourth, the one we really care about, will add a 192-bit security suite which will, ‘further protect WiFi networks with higher security requirements’.
While most devices currently in service should have a patch for KRACK by now, there will always be thousands of unpatched devices, because, really, who is in charge of the router at your local coffee shop? We’re not sure about the timing of the WiFi Alliance’s announcement of upcoming security improvements: coming during CES when the entirety of the tech press is gawking at manned quadcopters and an endless variety of voice assistants. But we have to say better late than never.