WiFi needs New Security for IoT
WiFi is considered secure today, meaning the WPA2 protocol does not have any obvious open holes and cannot be easily hacked. This is enough for human-operated computers, including laptops, tablets and smartphones. But enter the IoT space, and the static nature of WPA2 and the entire concept of an access-point-based infrastructure fall apart.
Imagine you have a reasonable number of 50 smart devices on your home WiFi network. There are various sensors (temperature, ambient light, motion) and everyday devices like door locks, light bulbs, webcams, switches etc. Provisioning them on your WiFi network was quite an effort. Yes, bringing WiFi IoT devices online is not easy, and every vendor has their own method of doing this, usually via a custom smartphone app. And then you want to change your router. For whatever reason. Changing your Internet provider or just upgrading to the latest and greatest. Or imagine you just want to change the WiFi password because you have given it to too many friends and guests over the last couple of years.
Or imagine one of the devices on your network is a CIA mike. It knows the credentials, is online and connected all the time, and listens. How to get rid of it? The only way is to change the security keys and give the new keys to all legitimate devices except the one you want out of your network. How do you do this? Manually resetting each and every one and building the network from scratch once again? Nobody but the most paranoid would do this. Yes, you can spend days refreshing your keys... or just accept leaving them as-is, which is what most people would do.
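The revocation problem described above, modelled as an added example that is not part of the original post: WPA2-Personal derives its pairwise master key from the passphrase and SSID alone, so every device holds the same secret. The `SharedKeyNetwork` class, the SSID, the device names and the passphrases are constructed for illustration.

```python
import hashlib


def wpa2_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA2-Personal master key: PBKDF2-HMAC-SHA1, 4096 rounds, 256 bits."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


class SharedKeyNetwork:
    """Hypothetical model of a WPA2-PSK network (names are assumptions)."""

    def __init__(self, ssid, passphrase, devices):
        self.ssid = ssid
        self.pmk = wpa2_pmk(passphrase, ssid)
        # Nothing device-specific goes into the key: all devices store one PMK.
        self.device_keys = {d: self.pmk for d in devices}

    def can_join(self, device):
        return self.device_keys.get(device) == self.pmk

    def evict(self, unwanted, new_passphrase):
        """Rotate the passphrase; return every device that now needs
        manual reprovisioning (all of them except the evicted one)."""
        self.pmk = wpa2_pmk(new_passphrase, self.ssid)
        return sorted(d for d in self.device_keys if d != unwanted)

    def reprovision(self, device):
        # Stands in for the vendor-specific app flow the post describes.
        self.device_keys[device] = self.pmk


if __name__ == "__main__":
    devices = [f"dev-{i:02d}" for i in range(50)]       # constructed sample
    net = SharedKeyNetwork("home-net", "old passphrase", devices)
    print("distinct keys in use:", len(set(net.device_keys.values())))
    todo = net.evict("dev-13", "new passphrase")
    print("devices locked out until reprovisioned:", len(todo))
    for d in todo:
        net.reprovision(d)
    print("dev-13 can join:", net.can_join("dev-13"))
    print("dev-00 can join:", net.can_join("dev-00"))
```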
So the bottom line is that the WPA2 model just does not hold anymore. WiFi needs a new security model, one that takes into account device management, key refresh and easy provisioning of display-less / keyboard-less devices. Only then will it be able to compete in the IoT era.