Microsoft has announced that its operating system will no longer support connections with outdated and insecure security protocols
Those who still have an old-generation Wi-Fi modem at home may soon be forced to buy a new one: in fact, Microsoft has announced that it will soon stop supporting Wi-Fi networks protected by WEP and TKIP encryption standards.
Starting with an as-yet unspecified version, Windows 10 will refuse to connect to such a network because, Microsoft reminds us not without reason, WEP and TKIP are old, insecure and widely known encryption standards by hackers around the world. Microsoft, in practice, will require users who want to connect to a network via a computer running Windows 10 to have a modem/router equipped with AES encryption, i.e. compatible with the WPA2 and WPA3 standards. The latter is very recent: it was released by the Wi-Fi Alliance in late 2018 and, starting in 2019, the first certified compatible devices arrived on the market.
Why Windows is abandoning WEP and TKIP
Microsoft Windows 10, already since the May Update in May 2019, if it detects a network protected with WEP or TKIP warns the user: "This network is not secure". And, in fact, it's not: WEP (Wired Equivalent Privacy), for example, is a standard that dates back to 1999 and uses 64-bit key encryption. TKIP is slightly later and only slightly more advanced. Recent WPA standards, on the other hand, use 128- or 256-bit keys, which are much longer and therefore much harder for software used by hackers to "guess". The fact that WEP is not secure, by the way, is not a hypothesis but a certainty. Even the FBI in 2005 (that is 15 years ago!) has demonstrated that it is possible to violate a network protected with WEP standard in few minutes.
Are we all safer?
The less insecure devices are around, the more the security grows also for the devices considered safe. It sounds like a play on words, but it's true: any device that can be attacked by a hacker or infected with a virus can become a hotbed of infection for many others. Getting WEP and TKIP connections out of the way, then, is certainly good news. But it doesn't mean that, from now on, we'll be unhackable. A few months ago, in May, the Computer Emergency Response Team (CERT) of the Italian Ministry of Economic Development officially announced that "numerous vulnerabilities have been identified in the design and implementations of the WPA3 protocol". A few months after its debut, then, even WPA 3 is vulnerable. But we're talking about very different vulnerabilities: today even a novice hacker is able to force a WEP network, while only an expert cybercriminal can try to violate the WPA 3 standard.