At eero, the security of our devices and services has always been a top priority. We believe that security should be built into the architecture of each of our products, and we have a long-standing commitment of safeguarding the security of our customers. You may have read about the recently disclosed “FragAttacks (fragmentation and aggregation attacks)” vulnerabilities impacting wifi networks. We proactively released an eero OS patch to protect all eero customers from these issues, and we have no evidence that this issue has been exploited on eero devices.
On May 11, 2021, independent researchers disclosed vulnerabilities in the 802.11 networking specification used by wifi-enabled devices that could have allowed an attacker within wifi range of an affected device to potentially send local network traffic to an unauthorized party. Many of the vulnerabilities discovered by the researchers do not affect eero networks due to a combination of custom changes to our networking software that we have made over the years. Additionally, eeroOS 6.2.1 and later includes a patch that will protect your network from the “FragAttacks (fragmentation and aggregation attacks)” vulnerabilities and is now available to all eero customers. You can tap the details of any of your eeros in the mobile app and trigger an OTA update if the version you are seeing isn’t 6.2.1 or newer in the Settings tab.
We appreciate all the work of independent researchers who helped bring this issue to the industry’s attention. As always, our engineering and security teams worked quickly and diligently to make sure all of our customers were protected. Thank you to all of our customers for putting their trust in our products and services – protecting customers and their networks has always been one of our most important responsibilities.
-Nick Weaver
Co-founder & CEO
P.S. Security researchers can get in direct contact with our security team here or by emailing security@eero.com.