WPA3 - The newest wireless protocol standard



A new wireless standard is required

In a matter of very few years, the internet has amalgamated itself as a very powerful platform that has changed the way we communicate with each other, do business and the way we operate. Internet has fast become the universal source of information for millions of people- at home, school or at work. However, the means by which these millions of people are connected to the internet (if they’re connected wirelessly) is inherently insecure. Wi-Fi Protected Access (WPA) and Wi-Fi Protected Access II (WPA2) are two security protocols and security certification programs developed by the Wi-Fi Alliance to secure wireless computer networks. But do these protocols ensure complete security? The Answer is no. There exist a host of tools available for cybersecurity testers, which with a little application can easily be used for ill.

WPA and WPA2 are old technologies and have been around for close to 15 years now. Clearly, these are susceptible to attack with various loopholes and are fairly easy to crack into.

WPA and WPA2 is vulnerable to attacks

There are various vulnerabilities with respect to WPA2. The primary security vulnerability however obscure, is serious. It requires the attacker to already have access to the secured Wi-Fi network to gain access to certain keys and then perpetuate an attack against other devices on the network. The security implications of the known WPA2 vulnerabilities are susceptible almost entirely to enterprise level network security which is very risky for the enterprises.

The biggest vulnerability in WPA armour—the attack vector through the Wi-Fi Protected Setup (WPS) still remains unresolved in modern WPA2. Although breaking into a WPA/WPA2 secured network using this vulnerability requires anywhere from 2-14 hours of sustained effort with a modern computer, it is still a legitimate security concern. That’s not all, if you may recall, there was a serious weakness discovered in WPA2 networks last year which put the once-trusted security standard into a precarious position.

The security flaw was dubbed KRACK. (Key Reinstallation Attack) Krack vulnerability directly affected Wi-Fi protocol and not a specific product or implementation. It targeted the third step in a four-way authentication "handshake" performed when a WI-FI client attempts to connect to a protected network and allowed an attacker to intercept data from a nearby Wi-Fi network, including passwords, photos, credit card information, private messages, emails and web activity. Basically, anything that's normally protected and encrypted by the WPA2 standard.

The KRACK attack put the security of the WPA2 standard itself in question, a huge question about security arose. Any new improvements to better the security aspects? A new standard in question? The questions remained unanswered until Wi-Fi Alliance, the non-profit body that defines and promotes the standards of Wi-Fi technology, recently unveiled the new WPA3 Wi-Fi security standard at CES in Las Vegas.

Welcome WPA3

Building on the security advantages of WPA2, WPA3 was designed to not only eliminate KRACK-style attacks, but to also reduce the potential for weaknesses brought by bad configurations and weak passwords. WPA3 also aims to protect managed networks with a more centralized authentication system.

Since WPA3 is an entirely new standard and is meant to replace WPA2, users may have to buy new "WPA3 certified" equipment to take advantage of it.

New WPA3 security enhancements as announced by WiFi alliance:

There are four main enhancements to the WPA3 standard.

1.  “Robust protection against weak passwords.”

This enhancement is aimed for people who use weak passwords (for example, “password”), as well as aimed at protection against what are known as dictionary attacks or brute force attacks that can lock out a device after a number of unsuccessful attempts. This new feature in WPA3 aims to protect your network even when you decide to use a weak Wi-Fi password.

2.  “Simplification of configuration process”

WPA3 aims to simplify the configuration process and to do that, it offers security for devices with limited display interfaces. This will prove to be ideal for sensors and Internet of Things’ devices. With simplification of configuration, you will now be able to tap a smartphone against a device or sensor and then provision the device onto the network.

3.  “Individualised encryption for open networks”

This enhancement is specifically for public networks or open Wi-Fi networks, such as, restaurants, stores and coffee shops. WPA3 device will provide users with individualized data encryption eliminating the need to configure a network password. This will prove to be a big privacy boost for open and public networks considering that, connected users won't be able to read each other's data once enabled.

4.  “Compliance with CNSA”

Finally, WPA3 aims to deliver strong and robust security for government, defence, and industrial networks by complying with the Commercial National Security Algorithm (CNSA) Suite. CNSA is a 192-bit security protocol mandatory for secure networks. Encryption in WPA3 will be further strengthened with a 192-bit security suite.

Read the official announcement about WPA3 here

GajShield Alert - KRACK WiFi WPA2 security vulnerability threatens all networks

Security researchers have found a devastating flaw in WPA2 WiFi encryption protocol that makes it possible for hackers to intercept your sensitive information. This vulnerability named KRACK (Key Reinstallation Attack) affects Wi-Fi protocol and not a specific product or impentation. An attacker within range of a victim can exploit these weaknesses.

KRACK targets the third step in a four-way authentication "handshake" performed when a WI-FI client attempts to connect to a protected network. This can lead to stealing of information by the attackers including your credit card and confidential data. 

To protect against this flaw, major OSes and routers are working round the clock to provide a patch. Apply the patch as soon as possible. Meanwhile, do not share any personal or confidential information on a non secure website and only use secure or HTTPS sites.

Also avoid using free hotspots or use a secure VPN or connection like GajShield Enterprise Cloud, if you must use a Wifi network. 

Our research team is working in our labs to gain more information about the latest KRACK attacks and will keep you updated on future course of action. Until then keep a close tab on any latest updates or patches released for your affected products and apply them as soon as possible

Latest information on Krack based on companies

Petya and EternalBlue: Spread of a deadly ransomware

EternalBlue was used in the propagtion of both WannyCry and Petya. It is believed that this exploit was developed by NSA and was leaked by Shadow Broker hacker group. 

EternalBlue exploits a vulnerability in Microsoft Windows SMB v1 service which allowed to execute arbritary code from a remote system on the target computer. Microsoft did release a patch for all of its operating system which had this vulnerability including unsupported Microsoft XP.

More details of the vulnerability can be found at the CVE and its catalogued as CVE-2017-0144 (https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0144)

It is believed that Petya spread through a vulnerability in a third party software M.E. Doc used in Ukraine, which explains why it impacted Ukraine the most. Unlike WannyCry, Petya used multiple techniques to propogate. These included EthernalBlue, a technique used by Mimikatz and other tools leveraging lsadump to dump passwords from memory and it also used PSEXEC and WMIC to spread across the network.

It is advised that you patch your windows system, if they are not already patched. Like WannyCry, block SMB ports on your firewalls, disable local Administrative rights for users, do not reuse the same passwords across different system. If best pratices are followed, not only attacks like Petya, WannaCry but also future attacks be limited.

GajShield Security Alert - https://www.gajshield.com

Many firms across the world hit by global cyber-attacks

British, Russian and Dutch companies were among those targeted by the "powerful" hack, which is quickly spreading.  Major firms, airports and government departments in Ukraine have been struck by a massive cyber attack which began to spread across Europe.

In Ukraine, government departments, the central bank, a state-run aircraft manufacturer,  the airport in Kiev and  the metro network have all been paralysed by the hack. Advertising firm WPP of UK too have been affected by this attack. Maersk, a Danish transport too has been impacted by attack.

The attack seemed to be consistent with a ransomware described as a variant of a virus Petya or Petrwap. It is also believed that the malware uses a vulnerability in SMB file sharing system.

More information coming soon. 

GajShield Security Alert - https://www.gajshield.com

Cover Story on GajShield

Silicon India cover story on GajShield.

GajShield: Soaring Higher with Bleeding Edge Security Solutions that are Made in India

To reach the finish line amidst the fierce competition, IT organizations must dabble through the minefield crammed up cyber threats spawning abreast with dynamically changing trends, where newest technologies are capturing the hot seat from newer technologies frequently. As cyber criminals are creating more mines at full tilt to steal data, enterprises need blast-proof suits invented apace with technological evolution and more importantly, visibility through context-based solutions to ensure that they are running in the right track. Encompassing both these features is the next generation firewall suite of GajShield proudly made in India, which is comprised of a unique set of solutions such as context-based data leak prevention, cloud security for roaming users, application filtering and BYOD security among others. This Mumbai-based company stays one step ahead of its competitors by constantly innovating stronger shields that are quintessential to tackle the growing threats.

Click here for more details...

Page 1 of 5