Device manufacturers have started deploying patches to resolve security issues in their early implementations of WPA3-Personal.
The recently identified vulnerabilities (Mathy Vanhoef of New York University Abu Dhabi and Eyal Ronen of Tel Aviv University and KU Leuven ) affected early implementations of WPA3-Personal. The specific devices allow collection of side channel information on a device running an attacker’s software, do not properly implement certain cryptographic operations, or use unsuitable cryptographic elements.
"WPA3-Personal is in the early stages of deployment, and the small number of device manufacturers that are affected have already started deploying patches to resolve the issues. These issues can all be mitigated through software updates without any impact on devices’ ability to work well together. There is no evidence that these vulnerabilities have been exploited," said the Wi-Fi Alliance.
Wi-Fi Alliance says it has taken steps to ensure users can count on WPA3-Personal to deliver even stronger security protections. Wi-Fi CERTIFIED WPA3-Personal now includes additional testing based on elements of the latest research, and Wi-Fi Alliance is communicating implementation guidance to ensure vendors understand the relevant security considerations.