Frag attacks
-
Are Amplifi Products (Alien, HD, etc) affected by the Frag Attack vulnerabilities ?
https://www.fragattacks.com/
-
@René-Guitar Redundant, management can pick one: https://community.amplifi.com/topic/4578/fragattacks-here-we-go-again
-
This is something I am also interested to find out, since security fixes are not very often listed in the release notes that accompany the firmware updates.
-
@UI-AmpliFi Is there something you can share with us?
-
I want to state unequivocally that I believe, "the frag attack problem needs to be fixed, if possible".
Steve Gibson stated the following on episode 819 of Security Now, https://www.grc.com/sn/sn-819.pdf.
"The newly discovered design flaws have been part of WiFi since its release in 1997. Fortunately, the design flaws are difficult to abuse because doing so requires user interaction or is only possible when using uncommon network settings. As a result, in practice, the biggest concerns are the programming mistakes in WiFi products, since several of them are trivial to exploit"
He goes into detail about the problem and one of the things he emphasized is that this is a WIFI problem, not an internet problem! Therefore the attacker has to be within the WIFI range of your local network.
I have provided a link to the PDF transcript of the podcast. https://www.grc.com/sn/sn-819.pdf
Read it, especially Steve and Leo's banter at the end.
-
It's also worth noting that AmpliFi was given advance notice of this issue, as were all other vendors.
"To protect users, security updates were prepared during a 9-month-long coordinated disclosure that was supervised by the Wi-Fi Alliance and ICASI."
What did AmpliFi do during that nine month period?
-
I'll give them the benefit of the doubt since they have never really pre-announced security updates in the past...
@UI-AmpliFi said in Alien firmware 3.6.0beta1:
Wi-Fi security fixes will be released to beta soon. The fixes are being tested internally.
...and they specifically referred to them (multiple) as Wi-Fi Security Fixes versus just stating "WPA3" outright or referring to a security certificate/key exchange protocol
-
Hello, dear AmpliFi users. As we have stated in the latest Beta release notes, the security patches for FragAttacks are being tested internally and will be included in the next Beta release as soon as we will confirm that all vulnerabilities are fixed and do not affect performance and stability.
We are always working to provide the best security for our clients.
-
@UI-AmpliFi great!!
keep up the good work!
-
@UI-AmpliFi Excellent news! Thanks for the info.
-
This post is deleted!
