Wi-Fi Enhanced Open is a protocol for encrypting Wi-Fi sessions that occur over public networks. Introduced in 2018, Enhanced Open somewhat improves security for users on open public Wi-Fi networks. Its design is based on Opportunistic Wireless Encryption (OWE) and encrypts the connection between the user's device and the network. Enhanced Open requires a Diffie-Hellman key exchange, which is a method for securely establishing cryptographic keys over a public channel. After the key exchange succeeds, the device and the network perform a four-way handshake before finalizing and enabling an encrypted connection.
In the past, eavesdroppers would linger around public Wi-Fi sessions to spy on the data exchanged. Because Enhanced Open encrypts the data, would-be eavesdroppers cannot interpret it. Devices must run a sufficiently recent operating system version to support Enhanced Open. On Android, the feature requires the HAL interface design language 1.2 and Android 10 or newer.
Weakness of OWE
Because Wi-Fi Enhanced Open is based on Opportunistic Wireless Encryption, it runs into the same problems. Though OWE encrypts sessions between a user and a Wi-Fi network, it doesn't run an authentication process for either party. This makes a network connection susceptible to an evil twin attack, in which a malicious party renames their device to masquerade as a Wi-Fi network. When a user connects to this false network, their data is at risk. Though the Wi-Fi Alliance claims that Enhanced Open encrypts an open Wi-Fi network connection and is better than an entirely unencrypted network, it acknowledges that neither user nor network is verified. Even with Enhanced Open, using an open public Wi-Fi network carries risk.
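The gap described above can be seen in a small model, added here as an illustration and not taken from the Wi-Fi Alliance or any implementation: a client runs an unauthenticated Diffie-Hellman exchange and a key-confirmation step with two access points that advertise the same name. The Station class, the toy group parameters, the key derivation and the CafeGuest name are assumptions made for the example; real Enhanced Open uses standardized groups and the Wi-Fi four-way handshake.

```python
import hashlib
import hmac
import secrets

# Toy group parameters chosen for brevity (assumption, not a real deployment's group).
P = 2**255 - 19
G = 2


class Station:
    """One side of the exchange: a client, or an access point advertising an SSID."""

    def __init__(self, ssid=None):
        self.ssid = ssid
        self._priv = secrets.randbelow(P - 3) + 2   # fresh secret per session
        self.pub = pow(G, self._priv, P)            # the only value sent over the air

    def derive_key(self, peer_pub):
        shared = pow(peer_pub, self._priv, P)
        # Mix both public values into the key; sorting makes both sides agree.
        ctx = b"".join(v.to_bytes(32, "big") for v in sorted((self.pub, peer_pub)))
        return hmac.new(ctx, shared.to_bytes(32, "big"), hashlib.sha256).digest()


def confirm_keys(key_a, key_b):
    """Stand-in for the handshake that follows: proves key possession, not identity."""
    nonce = secrets.token_bytes(16)
    mic_a = hmac.new(key_a, nonce, hashlib.sha256).digest()
    mic_b = hmac.new(key_b, nonce, hashlib.sha256).digest()
    return hmac.compare_digest(mic_a, mic_b)


def join(ap):
    """Client joins whichever AP answers; returns (encrypted_ok, session_key)."""
    client = Station()
    client_key = client.derive_key(ap.pub)
    ap_key = ap.derive_key(client.pub)
    return confirm_keys(client_key, ap_key), client_key


def client_view(ap):
    """Everything the client can judge the network by: its name and the handshake result."""
    ok, _ = join(ap)
    return (ap.ssid, ok)


# Constructed sample networks: same advertised name, different operators.
genuine = Station(ssid="CafeGuest")
lookalike = Station(ssid="CafeGuest")
```

Both networks give the client the same view (the name plus a successful encrypted handshake), while the session keys are shared with different operators. The exchange protects against passive eavesdropping but does not tell the user whom the key was agreed with.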