2017年10月最新安全信息

Wi-Fi Alliance®为几十亿Wi-Fi®设备提供值得信赖的安全保护,一如既往地为Wi-Fi用户提供支持

与使用任何技术一样,可靠的、在新的安全威胁面前保持主动所必需的安全研究有时会发现新的漏洞。安全研究人员已发现有些Wi-Fi设备中存在安全漏洞,并立即将此发现通报了Wi-Fi业界。目前没有证据表明该漏洞已被恶意利用来攻击Wi-Fi用户,Wi-Fi Alliance立即采取了措施,以确保用户能够继续依靠Wi-Fi提供强大的安全保护。

  • Wi-Fi Alliance正在要求我们在全球各地的认证实验室针对这个漏洞进行测试;
  • Wi-Fi Alliance已经提供了一款漏洞检测工具,供Wi-Fi Alliance会员公司使用;
  • Wi-Fi Alliance正在广泛地向设备厂商传达有关这一漏洞的详细信息和补救方案,并希望设备厂商与其解决方案提供商合作,以迅速集成任何必要的修补软件。

这个问题可以方便地通过软件更新解决,过程与Wi-Fi用户定期对其移动设备进行的软件更新相似,主要平台提供商也已经开始部署这些修补软件。软件更新不需要任何更改,不会影响Wi-Fi设备之间的互操作性。用户如需了解更多信息,可以访问设备厂商的官网。

与以往一样,Wi-Fi用户应该确保安装了设备制造商提供和推荐的、最新的更新软件。安全保护是一项随时需要解决新问题的工作,Wi-Fi Alliance将一如既往地继续为Wi-Fi用户提供强大的安全保护。

相关标识符:

  • CERT case ID: VU#228519
  • CVE-2017-13077
  • CVE-2017-13078
  • CVE-2017-13079
  • CVE-2017-13080
  • CVE-2017-13081
  • CVE-2017-13082
  • CVE-2017-13084
  • CVE-2017-13086
  • CVE-2017-13087
  • CVE-2017-13088

相关研究:

Wi-Fi Alliance会员公司可以点击这里下载漏洞检测工具。

Wi-Fi Alliance News See All

Frequently Asked Questions

What is the potential impact of this vulnerability on consumers?

There is no evidence that the vulnerability has been exploited maliciously, and consumers should expect an orderly update cycle for affected devices. We recommend all users install the latest recommended updates from end-device and network equipment manufacturers. It is important to note, that many consumer routers are not affected by this vulnerability, so consumers may not see an update available for their particular router. For those devices that have been affected, many vendors have already issued patches or will issue them shortly. Wi-Fi Alliance recommends checking the vendor’s website for information on specific vendor updates. Users can expect all their Wi-Fi devices, whether patched or unpatched, to continue working well together.

Is the identified vulnerability a WPA2™ protocol issue or on issue related to specific device implementations?

When considering the question of whether a vulnerability is a protocol or implementation issue, the purpose is often to determine the vulnerability’s broader implications, such as the pervasiveness of the vulnerability, the ease of addressing the vulnerability, and the ability to maintain interoperability between patched and unpatched devices. In this instance, the issue can be resolved through straightforward software updates that retain interoperability across Wi-Fi devices. Major device and platform providers, including major operating systems, have already started deploying updates, protecting a substantial number of affected devices. The Wi-Fi industry is evaluating whether additional clarity or guidance on implementing the protocol is necessary in the standard.

How will vulnerabilities in existing devices be fixed?

The issue can be resolved with a straightforward software update – much like users regularly perform on their Wi-Fi devices already. Major platform vendors have already started distributing updates to their users, and updates will continue in the coming weeks. Wi-Fi Alliance now requires testing for this vulnerability within our global certification lab network and has provided a vulnerability detection tool for use by any Wi-Fi Alliance member.

Will the fixes to address this vulnerability create interoperability issues between Wi-Fi devices?

The software updates do not require any changes that affect interoperability between Wi-Fi devices. Users can expect all their Wi-Fi devices, whether patched or unpatched, to continue working well together.

Will the vulnerability detection tool be made available for non-Wi-Fi Alliance member companies?

Wi-Fi Alliance is making its vulnerability detection tool available exclusively to Wi-Fi Alliance members in the interest of protecting Wi-Fi users. Similar to the concept of responsible disclosure, it is important to give vendors an opportunity to distribute patches before tools for detecting the vulnerability become readily available. Wi-Fi Alliance may consider making the tool available to non-members after a reasonable period of time.

How will I know if my device is affected?

Users should refer to their Wi-Fi device vendor’s website or security advisories to determine if their device has been affected and has an update available. As always, Wi-Fi users should ensure they have installed the latest recommended updates from device manufacturers.

What will Wi-Fi Alliance do to prevent these types of issues moving forward?

Events like this are rare, but security is never static. Maintaining strong security protections will always be an ongoing effort. Wi-Fi Alliance encourages responsible disclosure of any discovered security vulnerabilities, as was the case with this particular scenario, to ensure the best possible outcome.