Cyber security researchers today revealed a new hardware vulnerability in widely used Broadcom and Cypress Wi-Fi chips, affecting over a billion devices including smartphones, tablets, laptops, routers and more.
The security vulnerability, known as "Kr00k" and tracked as CVE-2019-15126, allows attackers to decrypt traffic that should be protected. The attacker does not even have to be on the same network as the victim, security researchers from ESET explain. "Kr00k" makes it possible to attack devices that use the WPA2-Personal or WPA2-Enterprise protocols with AES-CCMP encryption. An ESET researcher put it this way:
Our tests confirmed that some client devices from Amazon (Echo, Kindle), Apple (iPhone, iPad, MacBook), Google (Nexus), Samsung (Galaxy), Raspberry (Pi 3), Xiaomi (RedMi), as well as some access points from Asus and Huawei are vulnerable to Kr00k.
What the Kr00k vulnerability makes possible and what it does not
According to the security researchers, Kr00k is somewhat reminiscent of the KRACK attacks of 2017, a technique that makes it easier for attackers to hack Wi-Fi passwords protected with the widely used WPA2 network protocol. But there are also differences. The vulnerability itself is not in the encryption protocol but in the Wi-Fi chip. This means that attackers cannot connect to the network directly and launch man-in-the-middle attacks, and changing the Wi-Fi password is therefore useless as a countermeasure. Modern devices that use WPA3, the latest Wi-Fi security standard, are not affected according to current knowledge. Attackers can, however, intercept and decrypt some parts of the protected traffic. Kr00k only breaks the encryption at the wireless link layer; encryption applied above it, such as TLS, is unaffected. This means that traffic to websites that use HTTPS remains protected.
How does a “Kr00k” attack work?
When a device is disconnected (disassociated) from the wireless network, the Wi-Fi chip clears the session key in memory by setting it to all zeros. However, the chip then still transmits whatever data remains in its transmit buffer, encrypting those frames with that zeroed key. This happens unintentionally, and that is the flaw. Attackers within radio range can then capture data such as DNS, ARP, ICMP, HTTP and more. Doing so requires following a series of specific steps and, as ESET explains, advanced knowledge. According to ESET, such an attack is very complex and cannot be carried out by everyone. But that does not change the severity of the security flaw.
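To make the failure mode concrete, here is an added simulation of a chip's transmit path (not ESET's code or any vendor's firmware): the vulnerable `disassociate` zeroes the key before draining the buffer, the patched variant discards pending frames first, and `zero_key_frames` is the kind of check a monitoring tool can run to flag leaked frames. The cipher is a constructed SHA-256 stand-in for AES-CCMP so the code runs on the standard library, and all frame contents are made up.

```python
import hashlib
import hmac
from dataclasses import dataclass, field

ZERO_TK = bytes(16)  # the all-zero temporal key left in the chip after disassociation


def _keystream(tk: bytes, nonce: bytes, length: int) -> bytes:
    # Stand-in for CCMP's AES-CTR keystream (SHA-256 in counter mode) so the example
    # runs on the standard library alone; it is not real CCMP.
    blocks = (hashlib.sha256(tk + nonce + c.to_bytes(4, "big")).digest()
              for c in range((length + 31) // 32))
    return b"".join(blocks)[:length]


def protect(tk: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    # Encrypt, then append an 8-byte MIC: the two properties CCMP provides per frame.
    body = bytes(a ^ b for a, b in zip(plaintext, _keystream(tk, nonce, len(plaintext))))
    return body + hmac.new(tk, nonce + body, hashlib.sha256).digest()[:8]


def unprotect(tk: bytes, nonce: bytes, frame: bytes):
    # Return the plaintext only if the MIC validates under tk, otherwise None.
    body, mic = frame[:-8], frame[-8:]
    if not hmac.compare_digest(mic, hmac.new(tk, nonce + body, hashlib.sha256).digest()[:8]):
        return None
    return bytes(a ^ b for a, b in zip(body, _keystream(tk, nonce, len(body))))


@dataclass
class WifiChip:
    tk: bytes                                # session key negotiated at association
    patched: bool = False                    # True models firmware with the Kr00k fix
    tx_buffer: list = field(default_factory=list)
    air: list = field(default_factory=list)  # (nonce, frame) pairs a nearby observer sees
    pn: int = 0                              # packet number, used as the nonce

    def flush(self) -> None:
        while self.tx_buffer:
            self.pn += 1
            nonce = self.pn.to_bytes(6, "big")
            self.air.append((nonce, protect(self.tk, nonce, self.tx_buffer.pop(0))))

    def disassociate(self) -> None:
        if self.patched:
            self.tx_buffer.clear()  # fix: drop pending frames before the key is cleared
        self.tk = ZERO_TK           # key zeroed in memory, as the article describes
        self.flush()                # vulnerable path: leftovers go out under the zero key


def zero_key_frames(air: list) -> list:
    # Defender-side check: a frame whose MIC validates under the all-zero key is a Kr00k leak.
    return [p for n, f in air if (p := unprotect(ZERO_TK, n, f)) is not None]
```

Frames sent while the real key is in place do not validate under the zero key, so the check only fires on the frames that left the chip after disassociation.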
Can the bug be fixed? Are my iPhone, iPad and Mac also affected?
As already mentioned above, various devices are affected by the vulnerability, including Apple devices. However, manufacturers can address "Kr00k" with a software or firmware update. Apple has already done so and secured the iPhone, iPad and Mac. Accordingly, mitigations that render "Kr00k" harmless are said to be in place in iOS 13.2 and iPadOS 13.2, and in macOS 10.15.1 or newer.