One of the most common myths associated with Wi-Fi® security is that wireless encryption is weak and easily cracked. To be fair, this myth does have a basis in reality, but that reality is two decades old. Practically speaking, there is no perfect security and no such thing as unbreakable encryption, but the simple fact is that a lot has changed since then, and the encryption available in Wi-Fi is significantly stronger.
Breaking WEP Security
Wireless networking exploded into mainstream acceptance in early 2000, and fundamentally changed the technology landscape from that point forward. The 802.11b standard dramatically increased throughput, and the cost of the underlying technology dropped, creating a perfect storm for widespread adoption.
The novelty of simply being able to set up a desktop computer without having to run an ethernet cable was exciting, and Wi-Fi also enabled the laptop boom—freeing people from being tethered to a single location at all. Of course, being able to communicate wirelessly and transmit potentially sensitive data through the air from Point A to Point B also introduced some security concerns—which is why the developers of the Wi-Fi standard included Wired Equivalent Privacy (WEP).
The United States government placed restrictions on exporting cryptographic technology to prevent our adversaries from obtaining encryption that was too strong for intelligence agencies to crack. The goal was for the Wi-Fi standard to be accepted globally, so developers used a 40-bit key that would stay within the export guidelines.
That worked for the US government. Unfortunately, using weak encryption with a weak encryption key comes with consequences as well. Researchers were able to quickly crack the WEP encryption. A variety of tools suddenly became available that would allow virtually anyone to crack WEP encryption within a few minutes.
Debunking the Myth
The ease with which WEP could be cracked, and the easy access to a plethora of tools for doing it, tarnished the reputation of Wi-Fi. Many businesses and consumers make the mistake of leaving their wireless networks open, which makes them an even easier target. An attacker will generally choose the path of least resistance, so they are more likely to go after wireless networks that are not protected at all than to invest any time and effort breaking into a protected network—even if it’s protected by something as weak as WEP.
For many people, the reputation of wireless networking as inherently insecure and easy to break into has endured. Nearly 20 years later, rumors persist that Wi-Fi networks are vulnerable, and that wired or cellular data networks offer better security and data protection.
The reality is that the industry quickly moved from WEP to Wi-Fi Protected Access® (WPA). WPA adopted the Temporal Key Integrity Protocol (TKIP), which significantly improved protection. TKIP dynamically generates a new 128-bit key for each packet transmitted and includes a Message Integrity Check designed to prevent attackers from altering and resending data packets.
WPA was replaced around 2004 with WPA2, which uses AES-CCMP encryption, and that remained the security standard for Wi-Fi until recently. AES encryption is rock solid and is still widely used today for very sensitive environments and data. In 2018, Wi-Fi Alliance® announced WPA3™ as the next generation of Wi-Fi security. WPA3 adds a 192-bit security level and replaces the pre-shared key (PSK) model of WPA2—which was susceptible to key reinstallation attacks—with simultaneous authentication of equals (SAE).
Wi-Fi and WPA3
Technology changes quickly and constantly. Wi-Fi technology and wireless networking are ubiquitous now, and standards like Wi-Fi must continuously evolve to embrace new technologies and new use cases. The threat landscape is also continually adapting and expanding—which means that the security technologies and protocols used by Wi-Fi must be updated as well.
All new devices certified by Wi-Fi Alliance now require WPA3, including Wi-Fi CERTIFIED 6 devices. WPA3 offers a variety of security enhancements to strengthen and extend protection for Wi-Fi traffic. WPA3 ensures that Wi-Fi devices are more secure than ever—and just as secure as wired or cellular data networks.
WPA3 offers a variety of cutting-edge protections to defend against the latest techniques and exploits, such as:
- Operating Channel Validation (OCV) – Previously, a lack of Operating Channel Information (OCI) authentication has been exploited in KRACK attacks to enable Man-in-the-Middle (MitM) attacks. OCV adds OCI to the authentication handshake. If the access point (AP) detects that the information does not match, the confirmation is aborted.
- Beacon Protection – The AP provisions clients with the AP’s Beacon Integrity Key during security association setup and adds a message integrity check (MIC) element to Beacon frames that covers all but the timestamp field of the Beacon frame contents. Clients that are associated with the AP can verify the Beacon frame integrity and detect active attacks that forge or modify Beacon frames.
- SAE Public Key – Wireless networks are common in public spaces like coffee shops and hotel lobbies. The password is often posted publicly or easily accessible, enabling attackers to learn it and possibly launch an evil twin attack. With the SAE Public Key (SAE-PK) enabled, the client device validates the public key shared by the AP based on the password fingerprint and verifies the signature using the public key—protecting against such attacks.
- Transition Disable – Wi-Fi technology is smart enough to assess client devices connected and use a security mode that works for all. However, the ability to dynamically transition can be exploited to force a client device to use a lower security mode. Transition Disable enables client devices to change from a transition mode to an “only” mode when connecting to a network, once that network indicates it fully supports the higher security mode. This prevents an attacker from being able to downgrade the security.
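The Transition Disable behavior described in the last item can be modelled as a saved-network profile that narrows after the network signals it no longer needs the weaker mode. This is an added example, not code from the article or from Wi-Fi Alliance; the class, function and mode names are hypothetical, the scenario is constructed, and only three bits of the bitmap are modelled.

```python
from dataclasses import dataclass

# Transition Disable bitmap bits (WPA3 specification); only three are modelled.
TD_WPA3_PERSONAL = 0x01   # network is WPA3-Personal only: drop WPA2-PSK
TD_SAE_PK = 0x02          # network is SAE-PK only: drop plain SAE
TD_ENHANCED_OPEN = 0x08   # network is Enhanced Open only: drop unencrypted open

REMOVED_BY_BIT = {
    TD_WPA3_PERSONAL: {"WPA2-PSK"},
    TD_SAE_PK: {"SAE"},
    TD_ENHANCED_OPEN: {"OPEN"},
}
# Preference order when an AP offers several modes (strongest first).
PREFERENCE = ["SAE-PK", "SAE", "WPA2-PSK", "OWE", "OPEN"]


@dataclass
class SavedNetwork:  # hypothetical client-side profile, not a real API
    ssid: str
    allowed: set

    def select_mode(self, offered):
        """Return the strongest offered mode this profile still accepts, else None."""
        for mode in PREFERENCE:
            if mode in offered and mode in self.allowed:
                return mode
        return None

    def apply_transition_disable(self, bitmap):
        """Narrow the profile after the connected network sent this bitmap."""
        for bit, modes in REMOVED_BY_BIT.items():
            if bitmap & bit:
                self.allowed -= modes


def demo():
    # Constructed scenario: profile learned from a WPA3-Personal transition-mode AP.
    net = SavedNetwork("office", {"WPA2-PSK", "SAE"})
    weaker_only = {"WPA2-PSK"}  # later offer for the same SSID, weaker mode only
    before = net.select_mode(weaker_only)   # profile still allows the downgrade
    net.apply_transition_disable(TD_WPA3_PERSONAL)
    after = net.select_mode(weaker_only)    # pinned profile refuses it
    genuine = net.select_mode({"WPA2-PSK", "SAE"})
    return before, after, genuine


if __name__ == "__main__":
    print(demo())
```

Once the profile is pinned, an offer for the same network name in the weaker mode yields no acceptable mode, so the client does not connect.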
Better Wireless Security
Wi-Fi security had some issues in the early days. WEP was easily crackable and that reputation has continued as a pervasive myth about Wi-Fi security in general that is simply no longer true. WPA3 ensures that your wireless connection is just as secure as a wired or cellular data connection and protects against the latest attack techniques.