Security researchers from Slovak antivirus company ESET have discovered a vulnerability linked to Wi-Fi chips that has affected over one billion of iOS and Android devices (via ZDNet).
The flaw dubbed as Kr00k and tracked as ‘CVE-2019-15126’ can be exploited by an attacker to intercept and decrypt some type of Wi-Fi network traffic (relying on WPA2 connections) by a vulnerable device.
According to ESET, the attacker does not need to be connected to the victim’s wireless network and the vulnerability only affects Wi-Fi connections that use WPA2-Personal or WPA2-Enterprise Wi-Fi security protocols, with AES-CCMP encryption.
“Our tests confirmed some client devices by Amazon (Echo, Kindle), Apple (iPhone, iPad, MacBook), Google (Nexus), Samsung (Galaxy), Raspberry (Pi 3), Xiaomi (Redmi), as well as some access points by Asus and Huawei, were vulnerable to Kr00k,” ESET researchers said.
According to the researchers, the Kr00k flaw is somewhat related to the earlier Key Reinstallation Attack, often referred to as KRACK, a vulnerability that had affected the WPA2 Wi-Fi protocol and forced most device vendors to switch to using WPA3 by default. In this method, hackers can easily hack protected Wi-Fi passwords using a widely-used WPA2 network protocol.
On the other hand, the Kr00k flaw is enabled during the process of dissociation (disconnection due to low Wi-Fi signals) where a distinctive key that encrypts data packets over the Wi-Fi network gets changed to an all-zero value.
“Kr00k manifests itself after Wi-Fi disassociations – which can happen naturally, for example, due to a weak Wi-Fi signal, or maybe manually triggered by an attacker,” said Miloš Cermák, the lead ESET researcher into the Kr00k vulnerability.
“If an attack is successful, several kilobytes of potentially sensitive information can be exposed. By repeatedly triggering disassociations, the attacker can capture a number of network packets with potentially sensitive data,” he adds.
The vulnerability has affected all Wi-Fi-capable devices running on Broadcom and Cypress Wi-Fi chips and ESET is working with them and other relevant companies to control the issue.
Also Read- Best Wifi Hacking Tools
As confirmed by ESET, many device manufacturers should have already updated their software by now.
According to some vendor publications and our own (non-comprehensive) tests, devices should have received patches for the vulnerability by the time of publication. Depending on the device type, this might only mean ensuring the latest OS or software updates are installed (Android, Apple and Windows devices; some IoT devices), but may require a firmware update (access points, routers and some IoT devices).
To ensure that your devices have been patched against Kr00k, update them to the latest possible versions. Also, use the newer WPA3 Wi-Fi authentication protocol for more protection against the vulnerability.
“To protect yourself, as a user, make sure you have updated all your Wi-Fi capable devices, including phones, tablets, laptops, IoT smart devices, and Wi-Fi access points and routers, to the latest firmware version,” said Robert Lipovský, an ESET researcher working with the Kr00k vulnerability research team.
“Of great concern is that not only client devices, but also Wi-Fi access points and routers that have been affected by Kr00k. This greatly increases the attack surface, as an adversary can decrypt data that was transmitted by a vulnerable access point, which is often beyond your control, to your device, which doesn’t have to be vulnerable.”
You can know more about the vulnerability by reading ESET’s research paper on Kr00k here.
