The Wi-Fi Alliance, a consortium of companies that sets standards for consumer Wi-Fi, has announced a new version of the Wi-Fi Protected Access protocol used to authenticate individual devices on a network. The current standard, WPA2, has been in use since 2003, but in late 2017, a massive vulnerability that makes it possible for traffic to be intercepted and decrypted was publicly disclosed. The attack method, known as KRACK (key reinstallation attack) affects nearly every Wi-Fi-enabled device including PCs, smartphones and routers, because WPA2 is the de-facto standard for security.
WPA3 is intended to make Wi-Fi networks much more secure, especially in situations where Wi-Fi access points are used without network passwords, such as public hotspots. Traffic streams between the access point and end-user devices will now be encrypted individually, improving privacy and security.
Exact details are not known yet, but the Wi-Fi Alliance has stated that it intends to simplify the process of choosing and setting up strong passwords, especially on devices that do not have screens, which is a growing concern in the age of internet-connected appliances and sensors. Brute-force attacks, which can be used to guess passwords to gain access to a network, will be deterred. Further, a 192-bit security suite has been implemented for sensitive corporate, industrial and government applications who need to comply with legal security requirements.
Wi-Fi devices will need to be updated and recertified by the Wi-Fi Alliance, or simply replaced, in order to support WPA3. It is unclear whether there will be backward compatibility to allow older devices to continue to work. The rollout will begin in 2018, but more specific timeframes will only be known once hardware and software vendors release their own plans.
The Wi-Fi Alliance is also working on the emerging Wi-Fi 802.11ac and 802.11ax standards, designed to support multiple access points covering larger areas, and to help users manage traffic and prioritisations between multiple devices on their Wi-Fi networks. 802.11ax is expected to roll out this year but might not see much traction till at least 2019, and promises to improve speeds to up to 600MBps, manage device connections more intelligently, and direct radio waves at specific devices rather than broadcasting in all directions.