...
A new set of Wi-Fi vulnerabilities have has been discovered by Mathy Vanhoef and was released on May 11, 2021. These vulnerabilities are core to the design and implementation of the IEEE 802.11 standard affecting almost all Wi-Fi capable devices, and include the following CVEs:
...
These vulnerabilities are not restricted to specific devices from specific vendors; over 75 devices from different vendors were tested by Mathy and his team, and all of them were vulnerable to one or more of the discovered attacks.
...
Does this affect Byos products?
Since the release This set of these vulnerabilities, our vulnerabilities affects every Wi-Fi enabled device on the planet.
Our security team has been performing ongoing tests on Byos µGateways using since the release of these vulnerabilities.
Byos-protected endpoints may be affected by a subset of these attacks based on the design flaws found in:
CVE-2020-24588: Aggregation attack
CVE-2020-24587: Mixed key attack
CVE-2020-24586: Fragment cache attack
How does Byos protect against these vulnerabilities?
Even though Byos devices operate under the 802.11 standard and therefore are technically vulnerable, successfully exploiting these vulnerabilities against a device protected by the Byos µGateway is more difficult than exploiting the device itself for a few much less likely to occur, due to the following reasons:
Byos adds a layer of abstraction to the device physically present in the network, meaning running a successful exploit against the device is much less likely given the in-device Wi-Fi is turned off.isolating the attacker from its victim
Each Byos µGateway runs its own encrypted DNS server and is isolated from the host machine, therefore DNS poisoning is much more difficult to achieve.
Byos has Evil Twin Wi-Fi and Man-in-the-Middle protection features, reducing the attackers ability to manipulate the user’s session, traffic, or the connection.
After a thorough evaluation from our security team, we conclude concluded that using a Byos µGateway still provides more security than otherwise using your device’s native Wi-Fi connection.
We will continue to update this page as our security team uncovers more information about these vulnerabilities. An A Software update will be available published by Byos shortly.
Extra steps for precaution
In practice, these vulnerabilities are difficult to exploit; However, however we recommend you follow these basic security best practices to minimize your risk:
...
For more information, please visit https://www.fragattacks.com/.