Frag Attack Vulnerability Information
FragAttacks (fr*agmentation and *ag*gregation *attacks) which is a collection of new security vulnerabilities that affect Wi-Fi devices. An adversary that is within range of a victim's Wi-Fi network can abuse these vulnerabilities to steal user information or attack devices.
Recently, a set of Wi-Fi vulnerabilities, commonly known as “Frag Attacks” were identified. Zebra is aware of these vulnerabilities and is scoping the impact to our products (i.e. handhelds, scanners, and printers).
Zebra devices use Wi-Fi radios provided by third party suppliers. Addressing these vulnerabilities will require an update to these third-party radios. Currently, Zebra is awaiting information from these vendors on their update plans. As this information becomes available, Zebra will update this notice with details on affected products and mitigation plans.
For more information, please click here.
SUPPORT PAGES FOR IMPACTED PRODUCTS:
Operating System | Affected Product | Release Date |
Android 11 | All Product | 30th September 2021 |
Android 10 | Handheld computer models: EC30, EC50, EC55, MC2200, MC2700, MC9300, PS20 Touch computer models: TC21, TC26, TC52, TC52x, TC57, TC57x, TC72, TC77, TC8300 Tablets: ET51, ET56, L10 Wearable: WT6300 RFID scanner: MC3300x Health Care Touch computers models: TC21-HC, TC26-HC, TC52-HC, TC52x-HC Vehicle-mounted device: VC8300 Interactive kiosks: CC600, CC6000 |
31st August 2021 |
Android 9 | All Product | 30th November 2021 |
Android 8.1 | All Product | 31st October 2021 |
Link-OS | Desktop Printers Industrial Printers Mobile Printers |
January 31st, 2022 |
N/A | Zebra Printer with Wi-Fi | TBD |
N/A | Zebra Scanners with Wi-fi | TBD |
Disclaimer: Zebra makes every attempt to release security updates on or about the time that Google releases its respective security bulletin. However, delivery time of security updates may vary depending on the region, product model, and third party software suppliers. Under some circumstances, the OS must be updated to the latest maintenance release prior to installing the security updates. Individual product updates will provide specific guidance.
Unless otherwise noted, there have been no reports of active customer exploitation or abuse from these newly reported issues.
Are you aware of a potential security issue with a Zebra Technologies product?