Understanding wireless security
BACK WHEN WI-FI was introduced in 1998, nobody really predicted that it would be as ubiquitous as it is today. Now, nearly every household in Australia has its own Wi-Fi network, and most have finally learned to get at least the basics of security right. There are still common vulnerabilities and flaws in people’s setups, but even those are set to be fixed up in the next few years as new implementations of Wi-Fi security are introduced.
So with WPA3 right around the corner, we thought we’d take a look at Wi-Fi security in the past, today, and what’s coming up to better protect our networks.
THE OLDEN DAYS: WEP
Back when Wi-Fi was first introduced, we had WEP (Wired-Equivalent Privacy) for security. WEP was ugly: it used weak 40-bit encryption and the passwords were horrendous strings of hexadecimal characters (later routers would build in a hashing function that would turn regular words into hexadecimal strings, making life a little easier).
WEP had all sorts of issues. While it would theoretically stop people without the key from connecting to the network, it provided no individual privacy on the network. Because everyone used the same encryption key, anybody on the same Wi-Fi network as you could listen in on your data. This is still an issue today.
More importantly, it also turned out to be incredibly vulnerable to being cracked. Tools were developed that would allow a hacker to crack encryption keys just by listening to data being transmitted over the airwaves for a while. By analysing the data, the hacker could reconstruct the key and gain access to the network.
That situation was untenable, and WEP was officially deprecated in 2004 when WPA came along. Still, WEP implementations would persist for many years after — and there are probably still a few homes using it.
TODAY: WPA AND WPA2
In 2004, the Wi-Fi Alliance had a solution for the problems with WEP. That solution was Wi-Fi Protected Access (WPA).
With WPA, a number of important changes were made. From a usability point of view, it allowed regular text passwords to be created, rather than using terrifying hexadecimal strings. It upped the encryption to 128-bit. It also included a message integrity check — a kind of checksum to ensure that packets of data didn’t get altered en route.
Perhaps most importantly, it implemented a technique called Temporal Key Integrity Protocol (TKIP). TKIP generated a new key for every packet of data, which stopped passive listeners from analysing packets and figuring out the key as they did with WEP, solving its most glaring problem.
In 2006, WPA2 came out — a slight upgrade for WPA — which implemented (deep breath) Counter Mode Cipher Block Chaining Message Authentication Code Protocol, an improvement over TKIP, addressing some of its vulnerabilities.
And that’s what we’re essentially using today. Most routers and access points come pre-configured with WPA2, and the vast majority of people are using that protocol.
The problem is that WPA2 is far from flawless. Over the years a number of vulnerabilities have been discovered, and while some are user-fixable, some are not. To break down some of its most glaring issues:
A common authentication method is Wi-Fi Protected Setup (WPS), a system found to have massive vulnerabilities. WPS is designed to be like Bluetooth, where you ‘pair’ devices with the network by inputting a numerical key or simultaneously pressing a button on the router and wireless device. It was built so people didn’t have to remember passwords, but in 2011 it was found that WPS could be easily cracked and new wireless devices connected to the network without authorisation in just a few hours. Amazingly, despite the fault being well known, most routers still ship with WPS turned on by default. We strongly recommend finding the WPS setting in your router and disabling it if you can.
Of course, passwords are also a problem. Moving from hex keys to regular passwords made WPA easier to use, but it also meant that people would do what they always do with passwords: use bad ones. Dictionary words, ‘1234’ or ‘password’ will connect you to a lot of Wi-Fi networks.
Shared keys. Most WPA networks use a single pre-shared key; that is, a single password for all users. That means that all users on the same network are using the same key, and can potentially listen in on each other’s data streams. This is particularly a problem on public Wi-Fi networks, and why we always recommend using a VPN service when connected to a public Wi-Fi network.
In 2017 another major hole was found in WPA. The so-called KRACK (“Key Reinstallation Attack”) allows an attacker to trick a router into resending handshake/initialisation packets, and to use those packets to progressively rebuild the Wi-Fi encryption key. KRACK is a critical vulnerability, and there is no known user-based solution: it’s a flaw in WPA2 itself.
WPA3: THE UP AND COMER
All this brings us around to WPA3. WPA3 started being implemented in routers late last year. It’s still exceedingly rare, commonly only found in new high-end devices, but it will be implemented more widely over the coming years, eventually completely replacing WPA2.
WPA3’s most important feature is ‘forward secrecy’. With forward secrecy, a new key is generated for each wireless session. The wireless password is not used as an encryption key — it’s used as a form of authentication.
So what does that mean in human speak? In practice it means that users on the same wireless network can’t ‘listen in’ on each other’s communications, nor can a hacker record an encrypted data stream and take it home to try and brute force the password by using a dictionary attack (a dictionary attack is where a hacker tries a huge number of common phrases and passwords in quick succession).
Forward secrecy goes hand in hand with simultaneous authentication of equals. Instead of the handshake of WPA2, both the access point and wireless device negotiate a key exchange. This solves the problem of the KRACK attack, and a limit of one password attempt per session severely curtails the possibility of brute force attacks, meaning that you can have a weaker, more memorable password with less chance of it being broken quickly. It also allows encryption even on an open network, so long as both access point and end device support WPA3.
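To make the shared-key problem and the forward-secrecy fix concrete, here is an added Python example (not code from the article): the WPA2-Personal key schedule as IEEE 802.11i specifies it, which shows why anyone who knows the passphrase can reconstruct a neighbour’s session key from the handshake, next to a toy ephemeral exchange in which the passphrase and the over-the-air values alone never yield the session key. The Mersenne-prime group, and every passphrase, SSID, MAC address and nonce, are assumptions constructed for the demonstration; real WPA3 SAE uses an elliptic-curve group and the Dragonfly handshake.

```python
import hashlib, hmac, secrets

# Added illustration, not code from the article. The WPA2 part follows the
# IEEE 802.11i key schedule; the "forward secret" part is a toy Diffie-Hellman
# exchange standing in for WPA3's SAE. All sample values are constructed.

def wpa2_pmk(passphrase: str, ssid: str) -> bytes:
    """Pairwise Master Key = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 rounds).
    Fixed by passphrase and SSID alone, so every client of the network shares it."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def wpa2_ptk(pmk: bytes, ap_mac: bytes, sta_mac: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """Pairwise Transient Key via PRF-384. Every input except the PMK is sent
    in the clear during the 4-way handshake."""
    data = min(ap_mac, sta_mac) + max(ap_mac, sta_mac) + min(anonce, snonce) + max(anonce, snonce)
    blocks = [hmac.new(pmk, b"Pairwise key expansion\x00" + data + bytes([i]), hashlib.sha1).digest()
              for i in range(3)]          # 3 x 20 bytes, truncated to 48
    return b"".join(blocks)[:48]

def wpa2_peer_recovers_ptk(passphrase: str, ssid: str) -> bool:
    """A second user of the same network watches one client's handshake and
    derives that client's session key: no privacy between peers."""
    ap, sta = bytes.fromhex("0200000000aa"), bytes.fromhex("0200000000bb")  # constructed MACs
    anonce, snonce = secrets.token_bytes(32), secrets.token_bytes(32)       # visible on air
    client_ptk = wpa2_ptk(wpa2_pmk(passphrase, ssid), ap, sta, anonce, snonce)
    peer_ptk = wpa2_ptk(wpa2_pmk(passphrase, ssid), ap, sta, anonce, snonce)
    return client_ptk == peer_ptk

# Toy group for illustration only: 2**127 - 1 is prime. Real SAE uses an
# elliptic-curve group and the Dragonfly handshake, not plain Diffie-Hellman.
P_TOY, G_TOY = (1 << 127) - 1, 2

def ephemeral_keypair() -> tuple:
    priv = secrets.randbelow(P_TOY - 2) + 1    # fresh per session, never transmitted
    return priv, pow(G_TOY, priv, P_TOY)        # only this public value goes on the air

def session_key(own_priv: int, peer_pub: int) -> bytes:
    # In SAE the passphrase authenticates the exchange; it never becomes the key.
    return hashlib.sha256(pow(peer_pub, own_priv, P_TOY).to_bytes(16, "big")).digest()

def forward_secret_session() -> bytes:
    """Both ends derive the same key from private exponents that are never sent;
    a listener holding the passphrase and the whole transcript still lacks them."""
    ap_priv, ap_pub = ephemeral_keypair()
    sta_priv, sta_pub = ephemeral_keypair()
    key_ap, key_sta = session_key(ap_priv, sta_pub), session_key(sta_priv, ap_pub)
    assert key_ap == key_sta
    return key_ap
```

Run the WPA2 functions with the IEEE 802.11i test passphrase “password” and SSID “IEEE” to confirm the PMK derivation against the published vector; each call of forward_secret_session() yields a different key, which is the per-session property the article describes.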
Finally, WPA3 gets rid of the insecure WPS system. In its place is Easy Connect, a system that allows a managing device (such as the access point or a PC) to generate a QR code that other devices can use to connect to the network. It also allows enrolment in the wireless network through near-field communications or MAC addresses. It’s much more secure than WPS, and perfect for enrolling ‘headless’ devices like IP security cameras in the network.
So there it is: WPA3 essentially solves all the major issues with WPA2. Likely, new problems will arise in the future, but if you have a router that supports it, it’s worth switching over as soon as you can.