WiFi Security & Vulnerability Update from WiFi-Alliance

In the last 24 hours, the Wi-Fi alliance has announced a series of new Wi-Fi vulnerabilities. This attack is on the Wi-Fi protocol itself, meaning all Wi-Fi devices are affected, both APs and users. This marks a significant opportunity for cyber-attacks, so understanding the risks and the remedies is key. Our summary below sheds light on the announcement and answer the questions on everyone’s minds.

What is it?

The vulnerabilities have been named FragAttacks; the vulnerabilities exploit design flaws in the Wi-Fi protocol and implementation flaws in Wi-Fi products.

This was discovered by Dr. Mathy Vanhoef (New York University Abu Dhabi), and more detailed information about the vulnerabilities can be found here.

Are my devices affected?

Yes, this affects all Wi-Fi versions and works against all security suites WEP, WPA, WPA2, and WAP3. This means that all Wi-Fi devices are affected.

Is my network at risk?

The likelihood of an attack is using these vulnerabilities is very low; there are no known available tools to complete an attack. It would take a skilled hacker to launch an attack; in addition to this, the hacker would need to be in range of your Wi-Fi network.

When will a patch be ready?

Meraki – Most APs will be patched next month with version 27.7. Some other models will be patched in October. Full details can be found here.
Cambium – Information on patches can be found here for both APs and fixed wireless.
Extreme – Patch available for firmware update through ExtremeCloudIQ Controller. Version: 10.3r2.

What if a patch isn’t ready?

Steps can be taken to mitigate some attacks, such as:

Manually set DNS Server
Use the HTTPS wherever possible, the free HTTPS Everywhere plugin is a good start.
Update devices with the latest firmware

If you are concerned about the WiFi Alliance’s latest announcement on FragAttacks and you would like to know more about which devices are affected, if your network at risk, or when product patches will be ready, get in touch with us to see how we can help.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

WiFi Security & Vulnerability Update from WiFi-Alliance

WiFi Security & Vulnerability Update from WiFi-Alliance

Our Online Resources

Vendor Focus

Case Studies

WiFi Surveys

WiFi Security & Vulnerability Update from WiFi-Alliance

WiFi Security & Vulnerability Update from WiFi-Alliance

Our Online Resources

Vendor Focus

Case Studies

WiFi Surveys

Follow us on Socials