Will the vulnerability detection tool be made available for non-Wi-Fi Alliance member companies?
Will the vulnerability detection tool be made available for non-Wi-Fi Alliance member companies?
Wi-Fi Alliance is making its vulnerability detection tool available exclusively to Wi-Fi Alliance members in the interest of protecting Wi-Fi users. Similar to the concept of responsible disclosure, it is important to give vendors an opportunity to distribute patches before tools for detecting the vulnerability become readily available. Wi-Fi Alliance may consider making the tool available to non-members after a reasonable period of time.
Wi-Fi Alliance News See All
Frequently Asked Questions
What is the potential impact of this vulnerability on consumers?
There is no evidence that the vulnerability has been exploited maliciously, and consumers should expect an orderly update cycle for affected devices. We recommend all users install the latest recommended updates from end-device and network equipment manufacturers. It is important to note, that many consumer routers are not affected by this vulnerability, so consumers may not see an update available for their particular router. For those devices that have been affected, many vendors have already issued patches or will issue them shortly. Wi-Fi Alliance recommends checking the vendor’s website for information on specific vendor updates. Users can expect all their Wi-Fi devices, whether patched or unpatched, to continue working well together.
Is the identified vulnerability a WPA2™ protocol issue or on issue related to specific device implementations?
When considering the question of whether a vulnerability is a protocol or implementation issue, the purpose is often to determine the vulnerability’s broader implications, such as the pervasiveness of the vulnerability, the ease of addressing the vulnerability, and the ability to maintain interoperability between patched and unpatched devices. In this instance, the issue can be resolved through straightforward software updates that retain interoperability across Wi-Fi devices. Major device and platform providers, including major operating systems, have already started deploying updates, protecting a substantial number of affected devices. The Wi-Fi industry is evaluating whether additional clarity or guidance on implementing the protocol is necessary in the standard.
How will vulnerabilities in existing devices be fixed?
The issue can be resolved with a straightforward software update – much like users regularly perform on their Wi-Fi devices already. Major platform vendors have already started distributing updates to their users, and updates will continue in the coming weeks. Wi-Fi Alliance now requires testing for this vulnerability within our global certification lab network and has provided a vulnerability detection tool for use by any Wi-Fi Alliance member.
Will the fixes to address this vulnerability create interoperability issues between Wi-Fi devices?
The software updates do not require any changes that affect interoperability between Wi-Fi devices. Users can expect all their Wi-Fi devices, whether patched or unpatched, to continue working well together.
How will I know if my device is affected?
Users should refer to their Wi-Fi device vendor’s website or security advisories to determine if their device has been affected and has an update available. As always, Wi-Fi users should ensure they have installed the latest recommended updates from device manufacturers.
What will Wi-Fi Alliance do to prevent these types of issues moving forward?
Events like this are rare, but security is never static. Maintaining strong security protections will always be an ongoing effort. Wi-Fi Alliance encourages responsible disclosure of any discovered security vulnerabilities, as was the case with this particular scenario, to ensure the best possible outcome.