보안 업데이트 2017년 10월

Wi-Fi Alliance®는 수십억에 달하는 Wi-Fi® 기기에 신뢰할 수 있는 보안을 제공하고 지속적으로 Wi-Fi 사용자들을 지원하고 있다.

모든 기술에 있어서, 새로운 위협에 대비하기 위한 꾸준하고 엄격한 보안 조사 과정에서 때로는 새로운 취약점이 발견된다. 최근 보안 연구원들이 일부 Wi-Fi 기기에서 취약점을 발견하여 이 사실을 즉각적으로 Wi-Fi 업계에 보고하였다. 이 취약점이 Wi-Fi 사용자들에 대한 공격에 악의적으로 이용되었다는 증거는 없으며, Wi-Fi Alliance는 사용자들이 계속해서 Wi-Fi를 기반으로 강력한 보안을 제공할 수 있도록 보장하는 즉각적인 조치를 취했다.

  • Wi-Fi Alliance는 자체 글로벌 인증 랩 네트워크에 이 취약점에 대한 테스트를 요청한 상태이다.
  • Wi-Fi Alliance는 모든 Wi-Fi Alliance 멤버들이 사용할 수 있는 취약점 탐지 툴을 제공 중이다.
  • Wi-Fi Alliance는 해당 취약점에 대한 상세 정보를 광범위하게 배포하고 있으며, 벤더들에게 해결책을 제공함과 동시에 솔루션 프로바이더 협력하여 필요한 패치를 조속히 통합하도록 권고하고 있다.

이 문제는 Wi-Fi 사용자가 모바일 기기에서 정기적으로 실행하는 소프트웨어 업데이트와 같은 간단한 소프트웨어 업데이트를 통해 해결할 수 있으며, 주요 플랫폼 벤더들이 이미 해당 패치 배포를 시작했다. 소프트웨어 업데이트는 Wi-Fi 기기 간 상호운용성에 영향을 미치지 않는다. 사용자는 기기 제조사 웹사이트에서 자세한 정보를 얻을 수 있다.

항상 그렇듯이 Wi-Fi 사용자는 기기 제조사의 최신 권장 업데이트 설치를 반드시 확인해야 한다. 보안은 끊임없는 노력을 통해 이루어지며, Wi-Fi Alliance는 Wi-Fi 사용자들을 위한 강력한 보안을 지속적으로 유지해 나갈 것이다.

관련 식별자(Identifiers):

  • CERT case ID: VU#228519
  • CVE-2017-13077
  • CVE-2017-13078
  • CVE-2017-13079
  • CVE-2017-13080
  • CVE-2017-13081
  • CVE-2017-13082
  • CVE-2017-13084
  • CVE-2017-13086
  • CVE-2017-13087
  • CVE-2017-13088

관련 연구:

Wi-Fi Alliance 멤버는 취약점 탐지 툴을 여기에서 다운로드할 수 있다.

Wi-Fi Alliance News See All

Frequently Asked Questions

What is the potential impact of this vulnerability on consumers?

There is no evidence that the vulnerability has been exploited maliciously, and consumers should expect an orderly update cycle for affected devices. We recommend all users install the latest recommended updates from end-device and network equipment manufacturers. It is important to note, that many consumer routers are not affected by this vulnerability, so consumers may not see an update available for their particular router. For those devices that have been affected, many vendors have already issued patches or will issue them shortly. Wi-Fi Alliance recommends checking the vendor’s website for information on specific vendor updates. Users can expect all their Wi-Fi devices, whether patched or unpatched, to continue working well together.

Is the identified vulnerability a WPA2™ protocol issue or on issue related to specific device implementations?

When considering the question of whether a vulnerability is a protocol or implementation issue, the purpose is often to determine the vulnerability’s broader implications, such as the pervasiveness of the vulnerability, the ease of addressing the vulnerability, and the ability to maintain interoperability between patched and unpatched devices. In this instance, the issue can be resolved through straightforward software updates that retain interoperability across Wi-Fi devices. Major device and platform providers, including major operating systems, have already started deploying updates, protecting a substantial number of affected devices. The Wi-Fi industry is evaluating whether additional clarity or guidance on implementing the protocol is necessary in the standard.

How will vulnerabilities in existing devices be fixed?

The issue can be resolved with a straightforward software update – much like users regularly perform on their Wi-Fi devices already. Major platform vendors have already started distributing updates to their users, and updates will continue in the coming weeks. Wi-Fi Alliance now requires testing for this vulnerability within our global certification lab network and has provided a vulnerability detection tool for use by any Wi-Fi Alliance member.

Will the fixes to address this vulnerability create interoperability issues between Wi-Fi devices?

The software updates do not require any changes that affect interoperability between Wi-Fi devices. Users can expect all their Wi-Fi devices, whether patched or unpatched, to continue working well together.

Will the vulnerability detection tool be made available for non-Wi-Fi Alliance member companies?

Wi-Fi Alliance is making its vulnerability detection tool available exclusively to Wi-Fi Alliance members in the interest of protecting Wi-Fi users. Similar to the concept of responsible disclosure, it is important to give vendors an opportunity to distribute patches before tools for detecting the vulnerability become readily available. Wi-Fi Alliance may consider making the tool available to non-members after a reasonable period of time.

How will I know if my device is affected?

Users should refer to their Wi-Fi device vendor’s website or security advisories to determine if their device has been affected and has an update available. As always, Wi-Fi users should ensure they have installed the latest recommended updates from device manufacturers.

What will Wi-Fi Alliance do to prevent these types of issues moving forward?

Events like this are rare, but security is never static. Maintaining strong security protections will always be an ongoing effort. Wi-Fi Alliance encourages responsible disclosure of any discovered security vulnerabilities, as was the case with this particular scenario, to ensure the best possible outcome.