Wi-Fi Protected Access II, commonly known as WPA2, has been the standard for securing wireless networks for over a decade, but cracks are starting to show. The industry is now getting ready for its successor and we might see it in new devices this year.
WPA3 will simplify Wi-Fi configuration while providing improved security and data encryption, announced the Wi-Fi Alliance, a standards organization whose members include Apple, Microsoft, Intel, Samsung, Cisco and other major technology companies.
One notable feature of the new standard is that it will protect Wi-Fi connections even when users choose a weak password that "falls short of typical complexity recommendations." This means it will likely include defenses against brute-force dictionary-based attacks, one of the most common methods of breaking into wireless networks.
No technical details are available for WPA3 yet because the specification hasn't been published. However, Mathy Vanhoef, an academic researcher from the University of Leuven, believes that the brute-force protection in WPA3 will be achieved by switching to a new key exchange protocol called Simultaneous Authentication of Equals (SAE), also known as Dragonfly.
A few months ago, Vanhoef found a serious weakness in the four-way handshake of the WPA2 protocol, which clients that know a Wi-Fi network's pre-shared key (password) use to negotiate an encryption key with the access point. There are patches to mitigate Vanhoef's attack, dubbed KRACK, but it wouldn't be surprising if the Wi-Fi Alliance opted for a more robust key exchange mechanism in WPA2's successor.