back to article WPA3 is the magic number? Protocol refresh promises tighter Wi-Fi security

The Wi-Fi Alliance has taken the wraps off the latest generation of Wi-Fi security, WPA3. Delivered on Monday, the security protocol brings new and improved authentication and encryption to wireless networks. Both home and enterprise networks stand to benefit from the upgrade. The revamp includes Simultaneous Authentication …

  1. Anonymous Coward
    Anonymous Coward

    ROFL

    Although the new standard is a good step forward there will inevitably be a long tail of devices that don't get updated and hence remain vulnerable. Just think that WEP is still in use by some.

    Hands up how many of you have had an update of the code that your ISP supplied router runs?

    Come on now don't be shy.

    These are IMHO rarer than updates to two year old Android phones.

    1. Lee D Silver badge

      Re: ROFL

      ISP, not a chance.

      But I bet Draytek are working on it for their routers, etc.

      TP-Link and cheapios... maybe, maybe not depending on whether they think the chip can do it.

      More importantly - you'll probably need a Windows / Android update for it to work on the clients. By comparison, getting it going on the router is positively easy.

      1. Captain Scarlet Silver badge

        Re: ROFL

        To be fair TP-Link do regularly update their routers, but as they demand everything be reset to defaults every time I tend to get grumpy (Might be because I have some cheap one and they want to punish cheap people like me).

        Netgear do still provide updates (Based on a DGN2200, however most updates break at least one management interface link and if you click it a protection mechanism kills the web server rendering it useless)

        Our ancient Draytek Router though still receives updates

        1. Anonymous Coward
          Anonymous Coward

          Re: ROFL

          You have older TPL gear?? My current AC750 has been firmware updated twice - and no reset to default.

          1. Captain Scarlet Silver badge

            Re: ROFL

            @Ian Hmm I used to have a TP Link AC750 and it only reset a few settings each firmware update (I think it was a v2 model). The Archer C9 AC1900 has on every firmware updated told me it will reset settings to defaults and it has done exactly what it said.

            As I use them as a wireless bridge (Can't get powerline working due to crappy wiring), pain in the backside to re-setup the WDS bridge.

      2. rg287 Silver badge

        Re: ROFL

        But I bet Draytek are working on it for their routers, etc.

        Yeah, it's not as though this is a brand new announcement - the proposed standard has been in the works for ages, it's just now finalised. I would expect responsible vendors like Draytek and Ubiquiti have already done the groundwork and have a provisional implementation that will get polished up and pushed out as a firmware update in the fairly near future.

    2. PeeKay

      Re: ROFL

      Hands up how many of you have had an update of the code that your ISP supplied router runs?

      Hands up how many of you run a separate (secure) router INSIDE of the ISP provided one that does get upgrades?

      1. Anonymous Coward
        Anonymous Coward

        Re: ROFL

        Actually Sky update their routers quite frequently, my Sky Q Hub has had 4 updates this year already.

      2. phuzz Silver badge

        Re: ROFL

        "Hands up how many of you run a separate (secure) router INSIDE of the ISP provided one that does get upgrades?"

        We did, until an obscure bug in the Virgin (not-so)Superhub would drop our connection every fifteen minutes until we took it out of modem mode and removed the proper router.

        It's probably fixed not, maybe I should have another go at setting it up.

        1. circusmole
          Happy

          Re: ROFL

          I have a Virgin SuperHub in modem mode with a TP-Link AC3200 as a router - works perfectly.

    3. Gene Cash Silver badge

      Re: ROFL

      Shoot, before I switched my Linksys to LEDE, the "update firmware" button did nothing but give an error.

      This weekend I updated from LEDE firmware to OpenWRT, since they kissed and made up. It took 5 minutes and even kept all my settings. I was impressed.

  2. Anonymous Coward
    Coat

    Waits for MicroGit to claim WPA3 update is impossible on any Win version other than 10.

  3. Luke Worm

    New hardware needed?

    Does WPA3 need new hardware or not?

    Noticed lately that plenty of routers/repeaters are sold with big discounts… more to come, I suppose.

    1. Anonymous Coward
      Anonymous Coward

      Re: New hardware needed?

      We were told by our WiFi vendor that WPA3 is just a software update and no new hardware required. We’ll get WPA3 later this year for our current system.

      Of course, consumers will undoubtedly get shafted and be forced to buy new hardware.

      1. DougS Silver badge

        Re: New hardware needed?

        My understanding is that the only part of the standard that might require new hardware is a longer key length option requested by banks/defense, but that should not be something that would prevent updating consumer equipment that wouldn't be used in such environments.

        I'm hoping to see upgrades from DD-WRT but I think they're dependent on the vendors since some binary only wifi drivers are used - i.e. nas for Qualcomm ARM based devices etc.

        Since 802.11ax is around the corner, and that's the biggest upgrade wifi has seen since the introduction of the 5 GHz band, if I can't get my AC68Us upgraded I'll just stick with WPA2 for a few years until we start seeing 802.11ax routers for under $100. The security of WPA2 isn't perfect but it is good enough for most of us - not like I'm too worried about someone expending a lot of effort to specifically attack me.

    2. Mage Silver badge

      Re: New hardware needed?

      Not only the router, what about nintendos, PMPs, TVs, tablets, phones, laptops, cameras etc.

      Unless EVERYTHING you have that you need can be updated, what use is a new protocol?

      This is part of why there is no universal whitelisting only spam free email

      Part of why IP v 6 has a problem (it has other problems too).

  4. This post has been deleted by its author

  5. TReko

    There are still easier ways to hack routers than WPA

    WPA3 will be harder to hack, but most routers run web interfaces and many of these are vulnerable to XSS vulnerabilities.

    1. DougS Silver badge

      Re: There are still easier ways to hack routers than WPA

      You fix that by preventing access to the web interface from the outside - if you need to access it remotely you can use ssh -L.

      1. disgustedoftunbridgewells Silver badge

        Re: There are still easier ways to hack routers than WPA

        That isn't the problem. The problem is that a dodgy ad submitting a form to:

        http://defaultuser:defaultpass@192.168.0.1/turn-on-remote-access-plz

        The router could prevent that, by checking you've been on an intermediary page immediately before the form submission, or web browsers could prevent is by refusing to submit forms from extermal ip ranges to internal ip ranges without some sort of confirmation.

    2. itzman

      Re: There are still easier ways to hack routers than WPA

      so how do you get to te web interface without wifi?

      I mean you aren't in the premises and surely no one is stupid enough to leave their admin open to the whole internet...

      1. Lee D Silver badge

        Re: There are still easier ways to hack routers than WPA

        Er, yes, precisely... by the time you see an admin interface you are a) already on the network, b) on a badly configured system.

        Plus, things like UPnP and TR069 are the real risks.

      2. Mage Silver badge

        Re: There are still easier ways to hack routers than WPA

        malware on a site (likely in an advert) on your browser, and default password on the router.

        I change default passwords on everything and use uMatrix on phone & laptop to block scripts.

  6. cdrcat

    Apple wins then loses

    The second* Apple device I have loved: our Airport has been rock solid and is still getting updates (unlike most routers). I was looking forward to buying more of their gear but alas... Apple have stopped producing my second favourite Apple product.

    * My first (and now solitary) Apple love ended in ][+.

    1. A Non e-mouse Silver badge

      Re: Apple wins then loses

      My Apple airport hasn’t had a firmware update in a while. I wish it did have - maybe Apple would fix the IPv6 support in it.

  7. Anonymous Coward
    Anonymous Coward

    Pull the other one

    As long as the IC makers are Chinese (most of them now right?), they and the CIA will have a way in, and in time everyone else.

  8. steviebuk Silver badge

    But expect...

    ....Virgin to continue to supply their routers with no DNS options on the router itself to force you to use their DNS. No HTTPS on their router login and Virgin deciding what your WIFI password format has to be instead of you deciding what you want as your password.

    1. disgustedoftunbridgewells Silver badge

      Re: But expect...

      Sky are the same with DNS, but you can turn off DHCP if you want and run your own DHCP server.

  9. Anonymous Coward
    Anonymous Coward

    NSA endorced - so you know it must be great!

    Not a single mention of WPA3 using a NSA backed standard - Dragonfly PAKE (Password Authenticated Key Exchange). Nothing suspicious here, move along please, stop looking at your screen.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019