Tag Archives: ‘Wifi
BRUSSELS (Reuters) – The European Commission is set to approve and set rules for the use of wifi in cars, giving Volkswagen and Renault who have pursued this technology the edge over Daimler and others who invested in rival 5G networks.
Workers clean the facade of a car showroom under a Volkswagen logo on the Chinese National Day in Beijing, China October 1, 2018. Picture taken October 1, 2018. REUTERS/Stringer
The EU executive is expected to announce draft legislation on the issue next month for feedback from EU countries and EU lawmakers before adopting it next year.
The decision is a crucial one for both carmakers and telecoms operators and equipment makers as the market for internet connected cars is expected to be worth billions of euros a year.
While connected cars have been available for some years in Europe, the Commission wants to speed up their deployment and encourage cooperation between manufacturers to make safer and more efficient cars via legislation.
Such legal protection and regulatory-approved technical specifications would also reassure car buyers and auto insurance companies, advantages which cars equipped with a rival technology would not have.
The latest draft of the proposed rules seen by Reuters paves the way for cars equipped with wifi called ITS-G5 to hit the roads in Europe while regulators will review the rules at the latest three years after its implementation to take into account any new technologies.
This could mean that the alternative 5G standard called C-V2X could take months or even years to win approval. Supporters however expect a shorter timeframe.
The issue has pitted two powerful groups of carmakers, chipmakers and telecoms providers against each other. Connected cars are seen as lucrative targets for online retailers and advertisers.
Volkswagen, Renault, NXP, Autotalks and Kapsch TrafficCom are pushing ITS-G5, which they say has been sufficiently tested and fully standardised in European government-funded projects.
However, 5G backers include big names like Daimler, Ford, PSA Group, Deutsche Telekom, Ericsson, Huawei [HWT.UL], Intel, Qualcomm and Samsung. They say that C-V2X has wider application and is future-proof.
Backers of C-V2X say it can hook up to both cars and devices in the surrounding environment, with a wider range of applications in areas such as entertainment, traffic data and general navigation where data speeds or signal failure are less of an issue.
Fans of ITS-G5, which is primarily for connecting cars to other cars, say it is better for time-critical communications involved in crash avoidance and object navigation.
The EU executive declined to comment on the draft. It said: “Currently the Commission is looking into the best European framework to promote the right investments in this area and ensure interoperability between the existing systems and the development of new technologies.”
In effect, the decision puts the region at loggerheads with the United States and China which see C-V2X, using cellular networks, as the way forward.
Some EU countries such as Spain, Sweden, Finland and Norway had called for a postponement of the proposed rules because of the diverging views on the topic.
Following intense lobbying, France, which supports the wifi-based technology, came up with a compromise clause which is now under discussion.
Its proposal, seen by Reuters, would force the Commission to revise the rules in less than 12 months if a new technology is approved. The paper also calls for all involved parties to cooperate to ensure a level playing field between different technologies.
Lobbying group and C-V2X supporter 5GAA said that is not enough.
“A legislation confined to a wifi based communication would send a negative message about Europe’s commitment to 5G, and is contrary to the objectives of the Commission’s own 5G action plan, which aims to promote early deployment of 5G along major transport paths,” 5GAA said.
Reporting by Foo Yun Chee; additional reporting by Eric Auchard in London; Editing by Elaine Hardcastle
There are more Wi-Fi devices in active use around the world—roughly 9 billion—than there are human beings. That ubiquity makes protecting Wi-Fi from hackers one of the most important tasks in cybersecurity. Which is why the arrival of next-generation wireless security protocol WPA3 deserves your attention: Not only is it going to keep Wi-Fi connections safer, but also it will help save you from your own security shortcomings.
It’ll take time before you can enjoy the full benefits of WPA3; the Wi-Fi Alliance, a trade group that oversees the standard, is releasing full details today but doesn’t expect broad implementation until late 2019 at the earliest. In the course that WPA3 charts for Wi-Fi, though, security experts see critical, long-overdue improvements to a technology you use more than almost any other.
“If you ask virtually any security person, they’ll say don’t use Wi-Fi, or if you do, immediately throw a VPN connection on top of it,” says Bob Rudis, chief data officer at security firm Rapid 7. “Now, Wi-Fi becomes something where we can say hey, if the place you’re going to uses WPA3 and your device uses WPA3, you can pretty much use Wi-Fi in that location.”
Start with how WPA3 will protect you at home. Specifically, it’ll mitigate the damage that might stem from your lazy passwords.
A fundamental weakness of WPA2, the current wireless security protocol that dates back to 2004, is that it lets hackers deploy a so-called offline dictionary attack to guess your password. An attacker can take as many shots as they want at guessing your credentials without being on the same network, cycling through the entire dictionary—and beyond—in relatively short order.
“Let’s say that I’m trying to communicate with somebody, and you want to be able to eavesdrop on what we’re saying. In an offline attack, you can either passively stand there and capture an exchange, or maybe interact with me once. And then you can leave, you can go somewhere else, you can spin up a bunch of cloud computing services and you can try a brute-force dictionary attack without ever interacting with me again, until you figure out my password,” says Kevin Robinson, a Wi-Fi Alliance executive.
This kind of attack does have limitations. “If you pick a password that’s 16 characters or 30 characters in length, there’s just no way, we’re just not going to crack it,” says Joshua Wright, a senior technical analyst with information security company Counter Hack. Chances are, though, you didn’t pick that kind of password. “The problem is really consumers who don’t know better, where their home password is their first initial and the name of their favorite car.”
If that sounds familiar, please change your password immediately. In the meantime, WPA3 will protect against dictionary attacks by implementing a new key exchange protocol. WPA2 used an imperfect four-way handshake between clients and access points to enable encrypted connections; it’s what was behind the notorious KRACK vulnerability that impacted basically ever connected device. WPA3 will ditch that in favor of the more secure—and widely vetted—Simultaneous Authentication of Equals handshake.
There are plenty of technical differences, but the upshot for you is twofold. First, those dictionary attacks? They’re essentially done. “In this new scenario, every single time that you want to take a guess at the password, to try to get into the conversation, you have to interact with me,” says Robinson. “You get one guess each time.” Which means that even if you use your pet’s name as your Wi-Fi password, hackers will be much less likely to take the time to crack it.
The other benefit comes in the event that your password gets compromised nonetheless. With this new handshake, WPA3 supports forward secrecy, meaning that any traffic that came across your transom before an outsider gained access will remain encrypted. With WPA2, they can decrypt old traffic as well.
When WPA2 came along in 2004, the Internet of Things had not yet become anything close to the all-consuming security horror that is its present-day hallmark. No wonder, then, that WPA2 offered no streamlined way to safely onboard these devices to an existing Wi-Fi network. And in fact, the predominant method by which that process happens today—Wi-Fi Protected Setup—has had known vulnerabilities since 2011. WPA3 provides a fix.
Wi-Fi Easy Connect, as the Wi-Fi Alliance calls it, makes it easier to get wireless devices that have no (or limited) screen or input mechanism onto your network. When enabled, you’ll simply use your smartphone to scan a QR code on your router, then scan a QR code on your printer or speaker or other IoT device, and you’re set—they’re securely connected. With the QR code method, you’re using public key-based encryption to onboard devices that currently largely lack a simple, secure method to do so.
“Right now it’s really hard to deploy IoT things fairly securely. The reality is they have no screen, they have no display,” says Rudis. Wi-Fi Easy Connect obviates that issue. “With WPA3, it’s automatically connecting to a secure, closed network. And it’s going to have the ability to lock in those credentials so that it’s a lot easier to get a lot more IoT devices rolled out in a secure manner.”
Here again, Wi-Fi Easy Connect’s neatest trick is in its ease of use. It’s not just safe; it’s impossible to screw up.
That trend plays out also with Wi-Fi Enhanced Open, which the Wi-Fi Alliance detailed a few weeks before. You’ve probably heard that you should avoid doing any sensitive browsing or data entry on public Wi-Fi networks. That’s because with WPA2, anyone on the same public network as you can observe your activity, and target you with intrusions like man-in-the-middle attacks or traffic sniffing. On WPA3? Not so much. When you log onto a coffee shop’s WPA3 Wi-Fi with a WPA3 device, your connection will automatically be encrypted without the need for additional credentials. It does so using an established standard called Opportunistic Wireless Encryption.
“By default, WPA3 is going to be fully encrypted from the minute that you begin to do anything with regards to getting on the wireless network,” according to Rudis. “That’s fundamentally huge.”
As with the password protections, WPA3’s expanded encryption for public networks also keeps Wi-Fi users safe from a vulnerability they may not realize exists in the first place. In fact, if anything it might make Wi-Fi users feel too secure.
“The heart is in the right place, but it doesn’t stop the attack,” says Wright. “It’s a partial solution. My concern is that consumers think they have this automatic encryption mechanism because of WPA3, but it’s not guaranteed. An attacker can impersonate the access point, and then turn that feature off.”
Even with the added technical details, talking about WPA3 feels almost still premature. While major manufacturers like Qualcomm already have committed to its implementation as early as this summer, to take full advantage of WPA3’s many upgrades, the entire ecosystem needs to embrace it.
That’ll happen in time, just as it did with WPA2. And the Wi-Fi Alliance’s Robinson says that backward interoperability with WPA2 will ensure that some added security benefits will be available as soon as the devices themselves are. “Even at the very beginning, when a user has a mix of device capabilities, if they get a network with WPA3 in it, they can immediately turn on a transitional mode. Any of their WPA3-capable devices will get the benefits of WPA3, and the legacy WPA2 devices can continue to connect,” Robinson says.
Lurking inside that assurance, though, is the reality that WPA3 will come at a literal cost. “The gotcha is that everyone’s got to buy a new everything,” says Rudis. “But at least it’s setting the framework for a much more secure setup than what we’ve got now.”
Just as importantly, that framework mostly relies on solutions that security researchers already have had a chance to poke and prod for holes. That hasn’t always been the case.
“Five years ago the Wi-Fi Alliance was creating its own protocols in secrecy, not disclosing the details, and then it turns out some of them have problems,” says Wright. “Now, they’re more adopting known and tested and vetted protocols that we have a lot more confidence in, and they’re not trying to hide the details of the system.”
Which makes sense. When you’re securing one of the most widely used technologies on Earth, you don’t want to leave anything to chance.
More Great WIRED Stories
Google’s OnHub router was met with decent reception (heh), but a new report by Android Police indicates the company is looking to announce a new router alongside its upcoming probably-called-Pixel phones on October 4. It will simply be called Google Wi-Fi. The router will almost certainly include some of the OnhHub’s ‘smart’ features for simplifying connections and optimizing reception (although whether the OnHub really performed any better than similarly prices routers is questionable). But one big advantage over OnHub is that you will be able link multiple routers to create a larger, stronger Wi-Fi network. Android Police also suggests it will…
This story continues at The Next Web
WiFi Whisperer calls attention to the data leaking from your phone by displaying it on screen and whispering it back to you in an eerie voice. The post ‘Wifi Whisperer’ Siphons Your Data in the Creepiest Way Possible appeared first on WIRED.