The Wi-Fi Alliance, with members including Apple, Dell Technologies, Intel and Microsoft, is rolling out WPA3, its replacement for WPA2, to help mitigate the risk of open Wi-Fi networks, according to the organization's announcement.
The upgrades include continued improvements on WPA2 as well as the launch of WPA3, which will simplify the process of configuring device security without compromising network security. Wi-Fi Alliance ensured that WPA3 will have "backward compatibility", so companies do not have worry about a complete overhaul of older devices.
WPA3, however, introduces a specification for device specific encyption, which means that even if the network can be accessed without passwords you'll be able to securely transmit data without worrying about interception by other devices.
With Wi-Fi CERTIFIED WPA3, the Alliance hopes that security in an Internet increasingly seen as leaky will again be at the forefront.
WPA2 is an industry-wide standard of safety put in almost all devices with wireless capability, but it is almost 20 years old, reports ZDNet. The industry body claimed that "testing enhancements will also reduce the potential for vulnerabilities due to network misconfiguration and further safeguard managed networks with centralized authentication services", according to the press release. Essentially it will protect against brute-force dictionary attacks by blocking authentication after a set number of failed login attempts.
Evolving security threats call for change in network security standards, which is why WPA3 has been so highly anticipated. Now in an open Wi-Fi network the connections between devices are not protected in any way, and thus listening and manipulating traffic is very easy.
It's too easy for anyone within range of the network to kick a user off with a DEAUTH attack without sending a significant amount of information to the network, which makes it hard to detect. Most of these capabilities will emerge later this year during the introduction of WPA3.
The US Department of Commerce and the Department of Homeland Security also recently recognized the need to evolve network security for defending against attacks against connected medical and IoT devices.