Proton VPN のホームページ
ProtonVPN

WiFi is the technology that lets you wirelessly connect your computer or mobile device to the internet. As with any connection on a network, there are ways for hackers to intercept the signal to steal data or manipulate the transmission. WPA3 is the latest security standard for keeping your WiFi connections secure. 

It’s a great improvement over its aging predecessor (WPA2), but there remain concerns over WPA3’s security. 

As a “standard”, WPA3 is not a specific piece of software. It’s not even a single algorithm or protocol. Rather, WPA3 is a collection of security methods specified by a certification organization and designated as the global “gold standard” for secure WiFi implementation.

With some 19.6 billion WiFi-capable devices(new window) currently in use, the need for secure WiFi is clear. Let’s look at how your devices are designed to keep you safe.

WPA3 — a history

The Wired Equivalent Privacy (WEP) security algorithm, introduced in 1997, was part of the original IEEE 802.11(new window) standard that defined how WiFi networks operate. Unfortunately, it quickly became clear that WEP was fatally flawed(new window) because of weaknesses in its encryption algorithm.

In 2003, the nonprofit Wi-Fi Alliance®(new window) officially announced the successor to WEP — Wi-Fi Protected Access(new window) (WPA) standard, followed in 2004 by WPA2. This standard was considered secure until 2017, despite increasing concerns over its failure to provide perfect forward secrecy.

In 2018, researchers published a white paper(new window) showing that all WPA and WPA2 connections could be almost trivially hacked, exposing all data that wasn’t otherwise encrypted. For example, by using a VPN or HTTPS(new window) (which was much less common in 2017 than it is now). The only real limitation to this so-called KRACK(new window) attack was that the hacker had to be within physical range of the target WiFi network.

The Wi-Fi Alliance rushed to patch the problem, but since a huge number of old routers remain in use, even WEP remains worryingly common more than 20 years after it was declared unfit for purpose, and billions of WPA2 routers remain in use that are unpatched. 

Fortunately (and much more successfully), Windows, macOS, Linux, Android, and iOS/iPadOS have all been patched to protect against KRACK.  

Nevertheless, few people were surprised when, in 2018, the Wi-Fi Alliance announced(new window) a new WiFi security certification, WPA3.

What is WPA3?

WPA3 defines an amalgam of security standards. Some of these are mandatory and must be implemented for a device to display a Wi-Fi CERTIFIED™(new window) sticker. Some standards are recommended for use with WPA3 but are not required for WPA3 certification. We’ll come to these later.

The Wi-Fi CERTIFIED™ logo

WPA3 includes many small improvements over WPA2 — far too many to detail here. However, the key improvements are:

Protected Management Frames (PMF)

Management frames(new window) play an important role in the underlying structure of wireless networking — notably in authenticating and deauthenticating devices. With PMF(new window), these management frames are encrypted to provide protection against a number of threats, including:

  • Disconnect attacks (new window)(also known as Wi-Fi deauthentication attacks) — A type of denial-of-service attack that disconnects a device from the WiFi network. Disconnect attacks are often used to facilitate other kinds of attack, such as…
  • Honeypot(new window) and Evil twin(new window) attacks — These attacks attempt to trick you into connecting to malicious WiFi networks, so a hacker can snoop on your otherwise unencrypted browsing history.

Improved password security

One of the central design goals behind WPA3 addresses the biggest problem with WiFi security — that people use weak, easily-guessed passwords(new window) to protect their WiFi networks. And with WPA2, even if you have changed your password to something genuinely secure, hackers can make an unlimited number of guesses as to what it is.

Known as a dictionary attack(new window) (itself a form of brute force attack(new window)) hackers can use specialized software to throw thousands of passwords every minute at a route until the correct password is found.

WPA3 mitigates against such attacks by using a Simultaneous Authentication of Equals (new window)(SAE) handshake, which prevents an attacker from guessing more than one password per attack.

This means every time an incorrect password is entered, the hacker must reconnect to the target WiFi network, making dictionary attacks impractical. SAE can also flag when a certain number of password attempts have been made. 

Perfect forward secrecy

A major problem with WPA2 is that it doesn’t use perfect forward secrecy. This means that if a router’s private key becomes compromised in some way, a hacker can compromise all otherwise unencrypted traffic passing through the router. In fact, it’s possible to collect encrypted data that doesn’t use PFS, to be decrypted at a later time if the key becomes available. 

The Simultaneous Authentication of Equals handshake used by WPA3 solves this problem. Based on a Diffie–Hellman key exchange(new window), WPA3 can implement perfect forward secrecy for WiFi connections, generating a new and unique private encryption key for each WiFi session.

Learn more about perfect forward secrecy

WPA3 versions

There are two WPA3 standards tailored for different situations: personal and enterprise.

WPA3-Personal

Designed for home use, WPA3 Personal emphasizes convenience over security. Like WPA2, it uses AES-128 encryption in CCM mode(new window), which authenticates the connection and encrypts it. But it additionally offers SAE to prevent brute force attacks (and therefore also perfect forward secrecy).

Learn more about AES encryption

WPA3-Enterprise

Aimed at businesses, governments, and financial institutions, WPA3-Enterprise offers improved security at the cost of some convenience. For example, WPA3-Enterprise requires additional infrastructure to deploy, including an authentication server to handle device authentication and key management.

Unlike WPA3-Personal, the use of Protected Management Frames secured with 128-bit encryption is mandatory. 

For businesses that require additional security, WPA3-Enterprise offers an optional “192-bit security mode”, that uses AES-128 encryption in GCM mode(new window) to secure data and authenticate the connection. This is similar to CCM mode, but is arguably more secure and uses different mathematical equations.

The enterprise version also uses elliptic curve cryptography — a 384-bit ECDH(new window) or ECDSA(new window) key exchange — which is noted for being both fast and secure. And to validate encrypted connections, it uses HMAC SHA-385 hash authentication(new window). Protected Management Frames must use a higher level of encryption: 256 bits.

In addition to PMF and SAE, the original WPA3 proposal included two standards that were dropped from the final WPA3 certification program. 

Wi-Fi Enhanced Open

Wi-Fi Enhanced Open uses Opportunistic Wireless Encryption(new window) (OWE) to greatly improve the security of public WiFi networks(new window), mitigating many of the dangers associated with operating an open network. Wi-Fi Enhanced Open therefore allows for convenience of connecting to a WiFi hotspot without the need for authentication.

Wi-Fi Easy Connect 

A replacement to the wildly unsafe Wi-Fi Protected Setup(new window) (WPS), that allows you to connect to a router at the push of a button, Wi-Fi Easy Connect lets you to easily set up a device by scanning a QR code or NFC tag. As a nice bonus, this connection will persist, even if the WiFi password is changed.

A missed opportunity?

Both these standards are available with their own certification schemes, but not including them in WPA3 was viewed as a mistake by some. This was made worse by the fact that WPA3’s increased encryption key standards are only an optional feature of WPA3-Enterprise certification.

As Mathy Vanhoef, the PhD researcher who discovered the KRACK vulnerability in WPA2 noted(new window):

“Unfortunately, the WPA3 certification program only mandates support of the new dragonfly handshake. That’s it. The other features are either optional, or a part of other certification programs. I fear that in practice this means manufacturers will just implement the new handshake, slap a ‘WPA3 certified’ label on it, and be done with it”.

To be fair to the Wi-Fi Alliance, it wanted a quick uptake of the new standard from manufactures for security reasons, and was no doubt keen to make the transition as painless for them as possible.

To some extent, Vanhoef’s prediction has become true — there are many devices out there which only support the minimal WPA3 specification. However, there are also many higher-end devices that support the full range of Wi-Fi Alliance certifications.  

Known weaknesses

In 2020, Vanhoef published a group of five vulnerabilities, that he collectively termed Dragonsblood(new window) (referencing the Dragonfly Key Exchange of which SAE is a variant). These vulnerabilities exploit the fact that WPA3 is usually implemented with backwards-compatibility with WPA2, potentially allowing a hacker to perform a downgrade attack(new window) where they trick targets into connecting to a dummy router using WPA2. These WPA2 connections could then be hacked.

The Wi-Fi Alliance quickly announced the issue patched(new window), but a paper published in 2020 (co-authored again by Vanhaoef) demonstrated that these patches were “insufficient”(new window), because of the need for backward compatibility.

It remains unclear if WPA3, when run in compatibility mode (see below), is still vulnerable in 2023 to Dragonsblood attacks, but devices set to use only WPA3-Personal or WPA3-Enterprise shouldn’t be vulnerable.  

How to use WPA3 on your router

To achieve a WPA3 connection, both the router and the device connecting to the router must use WPA3. Most routers built from around 2020 support WPA3, but people tend not to upgrade their routers often. 

There are consequently a huge number of older routers still in use that do not support WPA3. In addition to this, the huge popularity of IoT devices, many of which still use WPA2, has hindered the widespread adoption of WPA3. 

In theory, manufacturers can push firmware updates to older routers, allowing them to support WPA3. In practice, not all manufacturers do this (and certainly not for their whole back-catalog of router models). And even when they do, few people routinely update their router’s firmware.

To see if your router supports WPA3, log in to its admin page (typically by entering the local IP addresses 192.168.0.1 or 192.168.1.1 into your browser’s URL bar while connected to the router), and locating your router’s wireless security settings.

Select a WPA3 WiFi mode

Most routers aimed at the domestic market default to a WPA3/WPA2 compatibility mode so that older WPA2-only devices can also seamlessly connect to them. Most domestic routers don’t support WPA3-Enterprise, as it’s not necessary for home use and requires additional hardware to deploy.

If your router doesn’t support WPA3, then it’s probably time to get another router. You can then connect it to the (likely low-quality(new window)) router/modem (set to run in modem-only mode) provided by your ISP.

Final thoughts

WPA3 greatly improves on the WiFi security offered by WPA2, with no real downsides. However, nothing is perfect, and WPA3 is no exception. In particular, using WPA3/WPA2 compatibility mode offsets most of the advantages of using WPA3. 

Of wider concern is the fact that standards bodies such as the Wi-Fi Alliance are dominated by vendors who have a vested interest in preventing their unsold and recently sold hardware becoming obsolete. 

Fortunately, the almost ubiquitous uptake of HTTPS over the last few years provides a strong second layer of security when using WiFi to connect to the internet, making the dangers associated with using public hotspots largely a thing of the past. 

Learn more about HTTPS keeps you safe online(new window)

Related articles

A lock with the colors of the Dutch flag
en
We ran a survey in the Netherlands and found that 51% of Dutch adults are worried about their online privacy. See the rest of the results.
s AliExpress reliable?
en
  • Privacy basics
Chinese shopping platform AliExpress is undoubtedly cheap. But is it also safe and reliable, or you are likely to get scammed?
How to fix a 502 error
en
In this article, we explain what a 502 bad gateway error is and explore possible ways to fix it as a visitor to a website.
Watch Thanksgiving Day football with Proton VPN
en
Here's how you can live stream this year's Thanksgiving football games using Proton VPN, whether you're watching from home or abroad.
Where to watch Macy's Thanksgiving day parade
en
Here's how and where to watch Macy's Thanksgiving Day Parade live from anywhere in the world with Proton VPN.
What we've been up to, and what's next
en
Here are the main things Proton VPN delivered this spring and summer and the exciting changes that lie ahead on our product roadmap this winter.