Wireless Security: WEP, WPA, WPA 2 and WPA 3 explained

Wireless security is a highly important aspect for online security. Connecting to the internet using insecure networks is something that can result in data loss, leakage of account details and the installation of a malware on your network. 

Implementing effective Wi-Fi security measures is urgent and in addition to this, it is important to be aware of the differences between different wireless encryption standards such as WEP, WPA, WPA 2 and WPA 3.

WPA stands for Wi-Fi Protected Access which is a security standard computing for devices with wireless capacities. It was developed with the purpose of providing better data encryption and user authentication than Wired Equivalent Privacy (WEP), which was used as the original Wi-Fi. Since the 1990s, Wi-Fi have undergone multiple improvements. 

What is WEP?

As wireless networks communicate data using radio waves, the data being sent can easily be spied on and intercepted unless there are effective security measurements in place. WEP (Wired Equivalent Privacy), introduced in 1997 was the first attempt at wireless protection by adding encryption capabilities.

WEP encrypts data with the use of a 64 or 128-bit key, a static key which enables all traffic regardless of the device to be encrypted using the same key. A WEP key allows computers part of the same network to communicate encrypted messages with each other and this is the key that is used to connect to a wireless security enabled network. 

One of the main objectives behind developing WEP was to prevent Man-in-the-Middle attacks, for which it was successful at the time. Security flaws however, were discovered and as computing became more and more common, these flaws became increasingly exploited by criminals. As a result of it’s detected vulnerabilities, WEP was discontinued in 2004. In recent times, the only time WEP is in use is when network administrators have either not changed the default security on their wireless routers or because the device is too outdated to be able to support more modern methods of encryption such as WPA.

Next came WPA…

After discontinuing the use of WEP, WAP (Wi-Fi Protected Access) was adopted. This security standard shared similar aspects of WEP as well as further benefits. While WEP implemented the same key upon each authorised system, WPA uses a TKIP (Temporal Key Integrity Protocol) which changes the key, which in turn prevents threat actors from creating their own encryption key to match the one in use by the target network. The TKIP was later replaced by AES (Advanced Encryption Standard).

Another improvement which was offered by WPA on top of WEP was the integrity check message feature which could examine for altered or captured data packets. The keys adopted by WPA were 256-bit however, despite the additional improvements WAP offered, hackers found underlying vulnerabilities to exploit, leading to WPA2.

Improved security benefits offered by WPA2

WPA2 was introduced as an upgraded version of WPA and offers a sturdier security network (RSN) which operates in two ways: 

• Personal mode – Which requires a shared passcode for access and commonly used in homes.
• Enterprise mode – Which is as expected, used by businesses and other organisations. 

Both modes operate with the CCMP (Counter Mode Cipher Block Chaining Message Authentication Code Protocol) which is based on the AES (Advanced Encryption Standard) algorithm. Despite the increased reliability of CCMP, there are still vulnerabilities that can be exploited by criminals. 

Attackers can exploit WPA2 through key reinstallation attacks (KRACK) which involves the attacker putting forth a duplicate network and causing the victim to connect to their malicious network instead. This enables the hacker to extract a small piece of data which they can decrypt to establish the encryption key. A counter to this however, is regular patching leaving WPA2 to be regarded as more secure that WEP or WPA.

The introduction of WPA3 

The introduction of WPA3 bought further benefits for individual and enterprise users in addition to WPA2 such as:

• Individualised data encryption
• Simultaneous Authentication of Equals protocol which involves the network device connecting with a wireless access point to verify authentication prior to enabling access. 
• Improved protection against brute force attacks by being only accessible once an individual is in close proximity. 

Devices which function with WPA3 have become widely available since 2019 and are backwards compatible with devices that function with WPA2. 

About Securiwiser

We aim to provide our clients advice concerning implementation of various specific cyber security methods, some of which will be more suitable than others depending on the business type to help ensure the cyber health of our client’s system. 

We advise our clients (whether they are individual users or business owners) regarding various cyber threats that their businesses and operating systems may face. This includes increasing trends of certain threats and prevention methods that are cost effective and time saving.  

Furthermore, business owners, employees and general users may forget to conduct regular scans to monitor the health of their operating system, which criminals can take advantage of to gain unauthorised access by exploiting unrecognised, underlying vulnerabilities. 

Securiwiser can conduct regular scans for your system and provide a detailed cybersecurity risk assessment and a cybersecurity vulnerability assessment. We can further explain detected vulnerabilities and risks in detail to our clients and provide the best course of action that will save your business time and money.