Austin, TX – May 11, 2021 – Wi-Fi Alliance® provides trusted security to billions of Wi-Fi® devices, and regularly updates Wi-Fi CERTIFIED™ requirements to address wireless security and privacy challenges as the threat landscape evolves.
Security researchers identified vulnerabilities in the frame aggregation functionality of some Wi-Fi devices. There is no evidence of the vulnerabilities being used against Wi-Fi users maliciously, and these issues are mitigated through routine device updates that enable detection of suspect transmissions or improve adherence to recommended security implementation practices. Wi-Fi Alliance has taken immediate steps to ensure users can remain confident in the strong security protections provided by Wi-Fi.
- Wi-Fi CERTIFIED now includes additional testing within our global certification lab network to encourage greater adoption of recommended practices
- Wi-Fi Alliance is broadly communicating implementation guidance to device vendors and the broader ecosystem community
- Many Wi-Fi Alliance members affected by the issue have already started deploying updates to user devices
As always, Wi-Fi users should ensure they have installed the latest recommended updates from device manufacturers.
As with any technology, robust security research that pre-emptively identifies potential vulnerabilities is critical to maintaining strong protections. Wi-Fi Alliance thanks Mathy Vanhoef (New York University Abu Dhabi) for discovering and responsibly reporting this issue, allowing industry to proactively prepare updates. Wi-Fi Alliance also thanks the Industry Consortium for Advancement of Security on the Internet (ICASI) for their strong partnership and collaboration.
For more information, please refer to statement from ICASI: https://www.icasi.org/aggregation-fragmentation-attacks-against-wifi/
Relevant Identifiers:
- ICASI case ID: USIRP02-2020
- CVE-2020-24586
- CVE-2020-24587
- CVE-2020-24588
- CVE-2020-26139
- CVE-2020-26140
- CVE-2020-26141
- CVE-2020-26142
- CVE-2020-26143
- CVE-2020-26144
- CVE-2020-26145
- CVE-2020-26146
- CVE-2020-26147
Relevant research:
- Research paper link: https://papers.mathyvanhoef.com/usenix2021.pdf
- Research website link: https://fragattacks.com/
Guidance for implementations:
- Wi-Fi Protected Access Security Considerations Link: https://www.wi-fi.org/file/wi-fi-protected-access-security-considerations
About Wi-Fi Alliance® | www.wi-fi.org
Wi-Fi Alliance® is the worldwide network of companies that brings you Wi-Fi®. Members of our collaboration forum come together from across the Wi-Fi ecosystem with the shared vision to connect everyone and everything, everywhere, while providing the best possible user experience. Since 2000, Wi-Fi Alliance has completed more than 65,000 Wi-Fi certifications. The Wi-Fi CERTIFIED™ seal of approval designates products with proven interoperability, backward compatibility, and the highest industry-standard security protections in place. Today, Wi-Fi carries more than half of the internet’s traffic in an ever-expanding variety of applications. Wi-Fi Alliance continues to drive the adoption and evolution of Wi-Fi, which billions of people rely on every day.
Follow Wi-Fi Alliance:
wi-fi.org/beacon
facebook.com/wificertified
twitter.com/wifialliance
linkedin.com/company/wi-fi-alliance
Media Contact:
Stephanie Burke
Highwire PR for Wi-Fi Alliance
wi-fi@highwirepr.com