Security Update: April 2019

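As with any technology, robust security research is necessary to stay ahead of emerging security threats, and such research occasionally uncovers new vulnerabilities. Security researchers identified vulnerabilities in a limited number of early implementations of WPA3™-Personal and immediately reported their findings to the Wi-Fi® industry. There is no evidence that the vulnerabilities have been used maliciously against Wi-Fi users. Wi-Fi Alliance® has taken immediate steps to ensure users can count on WPA3-Personal to deliver even stronger security protections.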

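  • Wi-Fi CERTIFIED WPA3-Personal now includes additional testing within our global certification lab network to encourage greater adoption of recommended practices.
  • With the industry just beginning to bring WPA3-Personal to market, Wi-Fi Alliance is broadly communicating details on these vulnerabilities and WPA3-Personal implementation guidance to device manufacturers.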

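These issues can be resolved through a simple software update, much like the software updates Wi-Fi users regularly perform on their mobile devices. WPA3-Personal is in the early stages of deployment, and the small number of device manufacturers that are affected have already started providing patches to resolve the identified issues. The software updates do not require any changes that affect interoperability between Wi-Fi devices. Users can refer to their device vendor's website for more information.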

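As always, Wi-Fi users should ensure they have installed the latest recommended updates from device manufacturers. Security is always dynamic and requires continued effort to address newly emerging issues. Wi-Fi Alliance will continue to provide strong security protections for Wi-Fi users through the Wi-Fi CERTIFIED™ program.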

Wi-Fi Alliance's public statement: https://www.wi-fi.org/zh-hans/news-events/newsroom/wi-fi-alliance-6

Related identifiers:

  • CERT case ID: VU#871675;
  • CVE-2019-9494;
  • CVE-2019-9495;
  • CVE-2019-9496;
  • CVE-2019-9497;
  • CVE-2019-9498;
  • CVE-2019-9499.

Related research

Implementer guidance:

Frequently Asked Questions

Are the identified vulnerabilities a WPA3™-Personal protocol issue or an issue related to specific device implementations?

When considering the question of whether a vulnerability is a protocol or implementation issue, the purpose is often to determine the vulnerability’s broader implications, such as the pervasiveness of the vulnerability, the ease of addressing the vulnerability, and the ability to maintain interoperability between patched and unpatched devices.

In this instance, the issues found in a limited number of early implementations of WPA3-Personal can be mitigated through software updates that retain interoperability across Wi-Fi devices. WPA3-Personal is in the early stages of deployment, and the small number of device manufacturers that are affected have already started deploying updates to their implementations of WPA3-Personal. Wi-Fi Alliance is broadly communicating implementation guidance to ensure vendors understand the relevant security considerations when developing their devices.

How will vulnerabilities in existing devices be fixed?

These issues can be resolved with a software update – much like users regularly perform on their Wi-Fi devices already. WPA3-Personal is in the early stages of deployment, and the small number of device manufacturers that are affected have already started distributing updates to their users. Wi-Fi CERTIFIED WPA3-Personal now includes additional testing to encourage greater adoption of recommended practices.

Will the fixes to address this vulnerability create interoperability issues between Wi-Fi devices?

The software updates do not require any changes that affect interoperability between Wi-Fi devices. Users can expect all their Wi-Fi devices, whether patched or unpatched, to continue working well together.

How will I know if my device is affected?

These issues affect a limited number of early implementations of WPA3-Personal, which devices have only recently begun supporting. Users should refer to their Wi-Fi device vendor’s website or security advisories to determine if their device has been affected and has an update available. As always, Wi-Fi users should ensure they have installed the latest recommended updates from device manufacturers.

What will Wi-Fi Alliance do to prevent these types of issues moving forward?

Security is and will always be a dynamic endeavor, and Wi-Fi CERTIFIED is an important tool in driving broad adoption of strong security protections in Wi-Fi devices. Wi-Fi Alliance regularly updates Wi-Fi CERTIFIED requirements and test coverage to address wireless security and privacy challenges as the threat landscape changes. Wi-Fi Alliance encourages responsible disclosure of any discovered security vulnerabilities to ensure the best possible outcome.

Does WPA3 remain secure?

WPA3-Personal provides security for private Wi-Fi networks based on a simple password credential. Wi-Fi users should continue to look for Wi-Fi CERTIFIED WPA3 in their devices to ensure they are receiving the strongest available Wi-Fi security. Wi-Fi CERTIFIED WPA3-Personal now includes additional testing within our global certification lab network to encourage greater adoption of recommended practices.