Wi-Fi Alliance® security update – May 11, 2021

Austin, TX – May 11, 2021 – Wi-Fi Alliance® provides trusted security to billions of Wi-Fi® devices, and regularly updates Wi-Fi CERTIFIED™ requirements to address wireless security and privacy challenges as the threat landscape evolves.

Security researchers identified vulnerabilities in the frame aggregation functionality of some Wi-Fi devices. There is no evidence of the vulnerabilities being used against Wi-Fi users maliciously, and these issues are mitigated through routine device updates that enable detection of suspect transmissions or improve adherence to recommended security implementation practices. Wi-Fi Alliance has taken immediate steps to ensure users can remain confident in the strong security protections provided by Wi-Fi.

  • Wi-Fi CERTIFIED now includes additional testing within our global certification lab network to encourage greater adoption of recommended practices
  • Wi-Fi Alliance is broadly communicating implementation guidance to device vendors and the broader ecosystem community
  • Many Wi-Fi Alliance members affected by the issue have already started deploying updates to user devices

As always, Wi-Fi users should ensure they have installed the latest recommended updates from device manufacturers.

As with any technology, robust security research that pre-emptively identifies potential vulnerabilities is critical to maintaining strong protections. Wi-Fi Alliance thanks Mathy Vanhoef (New York University Abu Dhabi) for discovering and responsibly reporting this issue, allowing industry to proactively prepare updates. Wi-Fi Alliance also thanks the Industry Consortium for Advancement of Security on the Internet (ICASI) for their strong partnership and collaboration.

For more information, please refer to statement from ICASI: https://www.icasi.org/aggregation-fragmentation-attacks-against-wifi/

Relevant Identifiers:

 

  • ICASI case ID: USIRP02-2020
  • CVE-2020-24586
  • CVE-2020-24587
  • CVE-2020-24588
  • CVE-2020-26139
  • CVE-2020-26140
  • CVE-2020-26141
  • CVE-2020-26142
  • CVE-2020-26143
  • CVE-2020-26144
  • CVE-2020-26145
  • CVE-2020-26146
  • CVE-2020-26147

Relevant research:

Guidance for implementations:

  • Wi-Fi Protected Access Security Considerations Link: https://www.wi-fi.org/file/wi-fi-protected-access-security-considerations

 

About Wi-Fi Alliance®  |  www.wi-fi.org
Wi-Fi Alliance® is the worldwide network of companies that brings you Wi-Fi®. Members of our collaboration forum come together from across the Wi-Fi ecosystem with the shared vision to connect everyone and everything, everywhere, while providing the best possible user experience. Since 2000, Wi-Fi Alliance has completed more than 65,000 Wi-Fi certifications. The Wi-Fi CERTIFIED™ seal of approval designates products with proven interoperability, backward compatibility, and the highest industry-standard security protections in place. Today, Wi-Fi carries more than half of the internet’s traffic in an ever-expanding variety of applications. Wi-Fi Alliance continues to drive the adoption and evolution of Wi-Fi, which billions of people rely on every day.

Follow Wi-Fi Alliance:
wi-fi.org/beacon
facebook.com/wificertified
twitter.com/wifialliance
linkedin.com/company/wi-fi-alliance

Media Contact:
Stephanie Burke
Highwire PR for Wi-Fi Alliance
wi-fi@highwirepr.com