New WiFi Security issue, check your equipment for updates

So there has been several verified issues with 802.11 in it’s various incarnations. Several of these issues are issues with the standard and will effect all equipment that follows the 802.11 standard.

Here is the website that describes the attacks.
https://www.fragattacks.com/

In short a malicious attacker can inject packets into a secured network (Pretty much anything except for WPA2 using TKIP, which you shouldn’t be using anyways) is the really bad issue, but there are some others.

Notably this will -probably- include the A5# line and the G2 line. I have not confirmed with Mimosa yet, but they are checking into the issue to see (Most probably the A5#s will be effected in WiFi Interop mode, Mimosa is unsure about SRS being effected.)

Dunno when Mimosa will be releasing a fix, but from previous experience it should be within a few months. Notably, this isn’t an easily exploitable issue and there is no evidence of this being exploited in the wild. You probably will want to check out your favorite WiFi Access Point vendor for updates to this because I will assume that issues will arise there before someone develops an attack for Mimosa equipment…

1 Like

William,

You said “pretty much anything except for WPA2 using TKIP.” AES is the stronger encryption. TKIP came out during WPA (1). So, does AES have the problem but TKIP doesn’t?

The website mentions that TKIP isn’t effected by the 3 vulnerabilities that the researchers had released, but that TKIP has serious other vulnerabilities that cannot be fixed about it which makes it not a viable alternative.

I didn’t dive deep enough to understand why TKIP wasn’t effected while all the other encryption standards that WPA1/2/3 (WEP is effected as well, so yet another reason not to use WEP) utilizes are. My understanding was that the TKIP vulnerabilities could be mitigated, but I am no expert.

Thanks. That makes more sense.