WPA2 KRACK attack that broke the previous standard for Wi-Fi and pushed the Wi-Fi Alliance into developing WPA3. For the full technical report on their latest discoveries, see their blog.
The researchers reported that the news was released after the Wi-Fi Alliance was informed, and that the standard is being updated to a more secure protocol. This update is not backwards compatible with current WPA3 deployments, but it does prevent most attacks.
The WPA3 security protocol from the Wi-Fi Alliance is quite new, launching in mid-2018. As the first major improvement to Wi-Fi in over a decade, it brought in a set of guidelines for better protection for simple passwords, individualized encryption for both personal and open networks, and extra encryption for company networks.
The Wi-Fi Alliance itself is a nonprofit that promotes and certifies Wi-Fi products for conformity to certain standards and levels of interoperability. You know this organization visually because of its trademarked Yin-Yang-inspired logo, which is attached to most routers. Interoperability means that you can expect that all devices – old and new – bearing the Wi-Fi logo will be able to play together on your network.
The problem with WPA3 – and the Wi-Fi Alliance itself – is that the standards are privately selected from within. That is substantially different from open source, where the design can be openly picked apart by just about anyone to root out vulnerabilities and weaknesses. Some of the better-known open source products on the market are Linux, the Mozilla Firefox and Chromium browsers, and LibreOffice. And as the researchers pointed out in their report: “It also, once again, shows that privately creating security recommendations and standards is at best irresponsible and at worst inept.” They also pointed out that developers had raised criticisms and suggested less vulnerable options to the Alliance.
There is no need to throw out your router – yet. Just remember that this device is a de facto computer. It will likely have an array of vulnerabilities exposed over its lifetime that need to be patched. The best security practice is to regularly check for firmware updates to the device – and apply them.