Security Update - October 2017

Wi-Fi Alliance® provides trusted security to billions of Wi-Fi® devices worldwide and continues to support Wi-Fi users

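As with any technology, robust security research that aims to stay ahead of emerging threats will occasionally uncover new vulnerabilities. Security researchers recently identified vulnerabilities in some Wi-Fi devices and promptly reported them to the Wi-Fi industry. There is no evidence that the vulnerability has been used in malicious attacks against Wi-Fi users, and Wi-Fi Alliance has taken immediate steps to ensure users can continue to rely on the strong security protections of Wi-Fi as before.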

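  • Requiring testing for this vulnerability within the Wi-Fi Alliance global network of certification labs
  • Providing a vulnerability detection tool for use by any Wi-Fi Alliance member
  • Communicating details on this vulnerability and its remedies to device vendors, and encouraging them to work with their solution providers to apply the necessary patches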

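This issue can be resolved with a simple software update, much like the software updates Wi-Fi users regularly perform on their mobile devices. Major platform providers have already started deploying these patches. The software updates do not include any changes that affect interoperability between Wi-Fi devices. For details, see each device vendor's website.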

As always, users should make sure they have installed the latest recommended updates from device manufacturers. Security is a dynamic activity. Wi-Fi Alliance will continue to provide strong security protections for Wi-Fi users.

Related information

  • CERT case ID: VU#228519
  • CVE-2017-13077
  • CVE-2017-13078
  • CVE-2017-13079
  • CVE-2017-13080
  • CVE-2017-13081
  • CVE-2017-13082
  • CVE-2017-13084
  • CVE-2017-13086
  • CVE-2017-13087
  • CVE-2017-13088

Related research

Wi-Fi Alliance members can download the vulnerability detection rules here.

Frequently Asked Questions

What is the potential impact of this vulnerability on consumers?

There is no evidence that the vulnerability has been exploited maliciously, and consumers should expect an orderly update cycle for affected devices. We recommend all users install the latest recommended updates from end-device and network equipment manufacturers. It is important to note that many consumer routers are not affected by this vulnerability, so consumers may not see an update available for their particular router. For those devices that have been affected, many vendors have already issued patches or will issue them shortly. Wi-Fi Alliance recommends checking the vendor’s website for information on specific vendor updates. Users can expect all their Wi-Fi devices, whether patched or unpatched, to continue working well together.

Is the identified vulnerability a WPA2™ protocol issue or an issue related to specific device implementations?

When considering the question of whether a vulnerability is a protocol or implementation issue, the purpose is often to determine the vulnerability’s broader implications, such as the pervasiveness of the vulnerability, the ease of addressing the vulnerability, and the ability to maintain interoperability between patched and unpatched devices. In this instance, the issue can be resolved through straightforward software updates that retain interoperability across Wi-Fi devices. Major device and platform providers, including major operating systems, have already started deploying updates, protecting a substantial number of affected devices. The Wi-Fi industry is evaluating whether additional clarity or guidance on implementing the protocol is necessary in the standard.

How will vulnerabilities in existing devices be fixed?

The issue can be resolved with a straightforward software update – much like users regularly perform on their Wi-Fi devices already. Major platform vendors have already started distributing updates to their users, and updates will continue in the coming weeks. Wi-Fi Alliance now requires testing for this vulnerability within our global certification lab network and has provided a vulnerability detection tool for use by any Wi-Fi Alliance member.

Will the fixes to address this vulnerability create interoperability issues between Wi-Fi devices?

The software updates do not require any changes that affect interoperability between Wi-Fi devices. Users can expect all their Wi-Fi devices, whether patched or unpatched, to continue working well together.

Will the vulnerability detection tool be made available for non-Wi-Fi Alliance member companies?

Wi-Fi Alliance is making its vulnerability detection tool available exclusively to Wi-Fi Alliance members in the interest of protecting Wi-Fi users. Similar to the concept of responsible disclosure, it is important to give vendors an opportunity to distribute patches before tools for detecting the vulnerability become readily available. Wi-Fi Alliance may consider making the tool available to non-members after a reasonable period of time.

How will I know if my device is affected?

Users should refer to their Wi-Fi device vendor’s website or security advisories to determine if their device has been affected and has an update available. As always, Wi-Fi users should ensure they have installed the latest recommended updates from device manufacturers.

What will Wi-Fi Alliance do to prevent these types of issues moving forward?

Events like this are rare, but security is never static. Maintaining strong security protections will always be an ongoing effort. Wi-Fi Alliance encourages responsible disclosure of any discovered security vulnerabilities, as was the case with this particular scenario, to ensure the best possible outcome.