How will vulnerabilities in existing devices be fixed?

How will vulnerabilities in existing devices be fixed?

These issues can be resolved with a software update – much like users regularly perform on their Wi-Fi devices already. WPA3-Personal is in the early stages of deployment, and the small number of device manufacturers that are affected have already started distributing updates to their users. Wi-Fi CERTIFIED WPA3-Personal now includes additional testing to encourage greater adoption of recommended practices.

Frequently Asked Questions

Are the identified vulnerabilities a WPA3™-Personal protocol issue or on issue related to specific device implementations?

When considering the question of whether a vulnerability is a protocol or implementation issue, the purpose is often to determine the vulnerability’s broader implications, such as the pervasiveness of the vulnerability, the ease of addressing the vulnerability, and the ability to maintain interoperability between patched and unpatched devices.

In this instance, the issues found in a limited number of early implementations of WPA3-Personal can be mitigated through software updates that retain interoperability across Wi-Fi devices. WPA3-Personal is in the early stages of deployment, and the small number of device manufacturers that are affected have already started deploying updates to their implementations of WPA3-Personal. Wi-Fi Alliance is broadly communicating implementation guidance to ensure vendors understand the relevant security considerations when developing their devices.

Will the fixes to address this vulnerability create interoperability issues between Wi-Fi devices?

The software updates do not require any changes that affect interoperability between Wi-Fi devices. Users can expect all their Wi-Fi devices, whether patched or unpatched, to continue working well together.

How will I know if my device is affected?

These issues affect a limited number of early implementations of WPA3-Personal, which devices have only recently begun supporting. Users should refer to their Wi-Fi device vendor’s website or security advisories to determine if their device has been affected and has an update available. As always, Wi-Fi users should ensure they have installed the latest recommended updates from device manufacturers.

What will Wi-Fi Alliance do to prevent these types of issues moving forward?

Security is and will always be a dynamic endeavor, and Wi-Fi CERTIFIED is an important tool in driving broad adoption of strong security protections in Wi-Fi devices. Wi-Fi Alliance regularly updates Wi-Fi CERTIFIED requirements and test coverage to address wireless security and privacy challenges as the threat landscape changes. Wi-Fi Alliance encourages responsible disclosure of any discovered security vulnerabilities to ensure the best possible outcome.

Does WPA3 remain secure?

WPA3-Personal provides security for private Wi-Fi networks based on a simple password credential. Wi-Fi users should continue to look for Wi-Fi CERTIFIED WPA3 in their devices to ensure they are receiving the strongest available Wi-Fi security. Wi-Fi CERTIFIED WPA3-Personal now includes additional testing within our global certification lab network to encourage greater adoption of recommended practices.