
WPA3: how to prevent KRACK attacks on your Wi-Fi networks?

Nov. 25, 2019

There is a serious flaw in the WPA2 protocol that can be used to steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos, and much more. Hackers can get access to information that was previously assumed to be encrypted. Any information can be targeted.

The proof-of-concept exploit is called KRACK – Key Reinstallation Attacks.

KRACK allows attackers within range of a vulnerable device or access point to intercept passwords, e-mails, and other data presumed to be encrypted, and in some cases, to inject ransomware or other malicious content into a website a client is visiting.

1- WPA3 for more security

Wi-Fi 5 offers WPA3 security, which is the first major security improvement to Wi-Fi in about 14 years and protects Wi-Fi networks from KRACK attacks.

WPA3 is an updated, more secure version of the Wi-Fi Protected Access protocol, and it is very useful for securing wireless networks.

The most significant additions to the new security protocol are greater protection for simple passwords, individualized encryption for personal and open networks, and even more secure encryption for enterprise networks.

ALE’s OmniAccess Stellar products support WPA3 on all access points. This is a major benefit to customers who want to maximize security on the Wi-Fi 5 network without being required to upgrade their system to Wi-Fi 6.

Another security feature is ALE’s unique IoT containment technology, which connects any Wi-Fi device securely and automatically. This is a simple and cost-efficient way to virtually segment your network, versus physical segmentation, which can be very costly to implement.

ALE also provides a dedicated scanning radio on all Wi-Fi 6 access points for improved security and interference avoidance.

ALE provides maximum security for your Wi-Fi 5 or Wi-Fi 6 deployment with simplified operations in a cost-efficient way.

2- Methods of WPA3 (Wi-Fi Protected Access 3): How does it work?

WPA3-Personal mode uses 128-bit encryption, and Enterprise mode uses 192-bit. By using Simultaneous Authentication of Equals (SAE), WPA3 replaces the PSK (Pre-Shared Key) for more security in the key exchange.

The authentication mechanism is SAE (Simultaneous Authentication of Equals): this protocol does not simply transmit a password, but transmits an ID derived from the password. This makes it more difficult for a hacker to find the value of the password. This system is called DPP, for Wi-Fi Device Provisioning Protocol. It replaces the readily exploitable Wi-Fi Protected Setup (WPS).

With DPP, devices can join a network through QR codes or NFC tags and not only by using a password.

Security is also improved for open networks, such as in education areas, hotels, auditoriums…
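Whether an access point really advertises SAE instead of PSK, the 192-bit enterprise suite, or encryption on an open network can be read from the RSN element in its beacons. The Python below is an added example, not code from ALE or from the original article: it parses that element and names the mode, and it goes beyond the text by also flagging access points that offer SAE while still accepting PSK. The sample elements are constructed, and the suite numbers are the IEEE 802.11 AKM selectors under OUI 00-0F-AC.

```python
import struct

OUI = b"\x00\x0f\xac"  # IEEE 802.11 suite selector OUI
AKM = {1: "802.1X", 2: "PSK", 6: "PSK-SHA256", 8: "SAE", 12: "SUITE-B-192", 18: "OWE"}

def parse_rsn(ie: bytes) -> dict:
    """Parse one RSN element (ID 48): AKM suite names plus the PMF capability bits."""
    if len(ie) < 2 or ie[0] != 48 or len(ie) < 2 + ie[1]:
        raise ValueError("not a complete RSN element")
    body = ie[2:2 + ie[1]]
    if len(body) < 8 or struct.unpack_from("<H", body)[0] != 1:
        raise ValueError("unsupported or truncated RSN element")
    pos, lists = 6, []          # skip version (2 bytes) and group cipher suite (4 bytes)
    for _ in range(2):          # pairwise cipher list, then AKM list
        if pos + 2 > len(body):
            raise ValueError("truncated suite count")
        count = struct.unpack_from("<H", body, pos)[0]
        pos += 2
        if pos + 4 * count > len(body):
            raise ValueError("suite list runs past the element")
        lists.append([body[pos + 4 * i:pos + 4 * i + 4] for i in range(count)])
        pos += 4 * count
    caps = struct.unpack_from("<H", body, pos)[0] if pos + 2 <= len(body) else 0
    akms = {AKM.get(s[3], "akm-%d" % s[3]) for s in lists[1] if s[:3] == OUI}
    return {"akms": akms, "pmf_capable": bool(caps & 0x80), "pmf_required": bool(caps & 0x40)}

def classify(ie: bytes) -> str:
    """Map an AP's advertised RSN element to the security mode it offers."""
    info = parse_rsn(ie)
    akms, psk = info["akms"], info["akms"] & {"PSK", "PSK-SHA256"}
    if "SAE" in akms and psk:
        return "transition: SAE offered, PSK still accepted"
    if "SAE" in akms:
        return "WPA3-Personal (SAE)" if info["pmf_required"] else "SAE without required PMF"
    if "SUITE-B-192" in akms:
        return "WPA3-Enterprise 192-bit"
    if "OWE" in akms:
        return "encrypted open network (OWE)"
    return "WPA2-Personal (PSK)" if psk else "other: " + ",".join(sorted(akms))

# Constructed RSN elements (not captures from a real network)
SAMPLES = {
    "wpa2": bytes.fromhex("30140100000fac040100000fac040100000fac020000"),
    "wpa3": bytes.fromhex("30140100000fac040100000fac040100000fac08c000"),
    "mixed": bytes.fromhex("30180100000fac040100000fac040200000fac02000fac088000"),
    "ent192": bytes.fromhex("30140100000fac090100000fac090100000fac0cc000"),
    "owe": bytes.fromhex("30140100000fac040100000fac040100000fac12c000"),
}

if __name__ == "__main__":
    for name, ie in SAMPLES.items():
        print(f"{name:7s} {classify(ie)}")
```

An access point reported as "transition" still completes the WPA2 PSK handshake for clients that ask for it, so those clients get none of the SAE protections.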