Cyber security researchers today revealed a new hardware vulnerability in widely used Broadcom and Cypress Wi-Fi chips, affecting over a billion devices including smartphones, tablets, laptops, routers and more.
The vulnerability, known as "Kr00k" and tracked as CVE-2019-15126, allows attackers to decrypt secured traffic. Cybercriminals don't even need to be on the same network as their victims, explain security researchers at ESET. "Kr00k" allows attackers to target devices that use the WPA2-Personal or WPA2-Enterprise protocols with AES-CCMP encryption. An ESET researcher:
Our tests confirmed that some client devices from Amazon (Echo, Kindle), Apple (iPhone, iPad, MacBook), Google (Nexus), Samsung (Galaxy), Raspberry (Pi 3), Xiaomi (RedMi), as well as some access points from Asus and Huawei are vulnerable to Kr00k.
What the Kr00k vulnerability makes possible and what it does not
According to the security researchers, the "Kr00k" vulnerability is somewhat reminiscent of the 2017 KRACK attacks, a technique that makes it easier for attackers to hack Wi-Fi passwords protected with the widely used WPA2 network protocol. There are differences, however: the vulnerability lies not in the encryption protocol but in the Wi-Fi chip. Attackers therefore cannot connect directly to the network or launch man-in-the-middle attacks; on the other hand, changing the password does not help, because the flaw is in the chip rather than in the credentials. Modern devices that use WPA3, the latest Wi-Fi security standard, are not affected, as far as we know. Attackers can, however, intercept and decrypt some portions of the secured traffic. Essentially, "Kr00k" breaks encryption at the wireless link layer only, so it is important to note that TLS encryption remains unaffected: network traffic to websites using HTTPS stays protected.
How does a "Kr00k" attack work?
When a device disassociates from a wireless network, the Wi-Fi chip clears the session key in memory by setting it to all zeros. At the same time, however, the chip still transmits whatever data remains in its transmit buffer, and it encrypts those frames with the now-zeroed key; this is unintended, hence the bug. Attackers can then capture and decrypt data such as DNS, ARP, ICMP, HTTP and more. To do so, they must be in physical proximity to the target and follow a series of specific steps, which, as ESET explains, requires advanced knowledge. According to ESET, such an attack is very complex and cannot be carried out by just anyone. But that does not lessen the severity of the security flaw.
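The following is an added model of the chip behaviour just described; it is not ESET's test code and not any vendor's firmware. It keeps a session-key slot and a transmit buffer, reproduces the faulty ordering (zero the key, then flush the buffer), and shows one corrective ordering (discard the buffer before clearing the key), which is an assumption of this model and not a vendor's actual patch. Real WPA2-CCMP uses AES-CCM; the model uses AES-GCM from Go's standard library as a stand-in, because the flaw concerns which key is used, not the cipher mode. The FramesUnderZeroKey check is what a defender would run over captured frames after patching to confirm that nothing is still being sent under the all-zero key.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"fmt"
)

const keyLen = 16 // 128-bit temporal key, as in WPA2-CCMP

// Frame is a constructed stand-in for an encrypted 802.11 data frame.
type Frame struct {
	Nonce      []byte
	Ciphertext []byte
}

// Chip models the Wi-Fi chip's session-key slot and pending transmit buffer.
type Chip struct {
	key     [keyLen]byte
	counter uint64   // per-frame packet number used to build the nonce
	txQueue [][]byte // plaintext payloads still waiting to be sent
}

func NewChip(sessionKey [keyLen]byte) *Chip { return &Chip{key: sessionKey} }

// Queue stores a payload the host asked the chip to transmit.
func (c *Chip) Queue(payload []byte) { c.txQueue = append(c.txQueue, payload) }

// encrypt seals one payload under whatever key is in the slot right now.
func (c *Chip) encrypt(payload []byte) Frame {
	block, err := aes.NewCipher(c.key[:])
	if err != nil {
		panic(err)
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		panic(err)
	}
	nonce := make([]byte, aead.NonceSize())
	c.counter++
	binary.BigEndian.PutUint64(nonce[aead.NonceSize()-8:], c.counter)
	return Frame{Nonce: nonce, Ciphertext: aead.Seal(nil, nonce, payload, nil)}
}

// drain transmits everything in the buffer and returns the frames put on the air.
func (c *Chip) drain() []Frame {
	var sent []Frame
	for _, p := range c.txQueue {
		sent = append(sent, c.encrypt(p))
	}
	c.txQueue = nil
	return sent
}

// DisassociateVulnerable reproduces the faulty ordering: the key is zeroed
// first and the buffer is flushed afterwards, so leftovers go out under the all-zero key.
func (c *Chip) DisassociateVulnerable() []Frame {
	c.key = [keyLen]byte{}
	return c.drain()
}

// DisassociateFixed is one corrective ordering (assumed here, not a vendor patch):
// discard the buffer before clearing the key, so nothing is ever encrypted under zeros.
func (c *Chip) DisassociateFixed() []Frame {
	c.txQueue = nil
	c.key = [keyLen]byte{}
	return nil
}

// FramesUnderZeroKey counts captured frames that authenticate and decrypt
// under an all-zero key, which is the signature of the flaw.
func FramesUnderZeroKey(frames []Frame) int {
	var zero [keyLen]byte
	block, _ := aes.NewCipher(zero[:])
	aead, _ := cipher.NewGCM(block)
	n := 0
	for _, f := range frames {
		if _, err := aead.Open(nil, f.Nonce, f.Ciphertext, nil); err == nil {
			n++
		}
	}
	return n
}

func main() {
	var key [keyLen]byte
	copy(key[:], []byte("constructed-key!")) // constructed 16-byte sample key
	payloads := [][]byte{[]byte("GET /index.html"), []byte("DNS query example.test")}

	vuln := NewChip(key)
	for _, p := range payloads {
		vuln.Queue(p)
	}
	leaked := vuln.DisassociateVulnerable()
	fmt.Printf("vulnerable ordering: %d of %d frames readable under the zero key\n",
		FramesUnderZeroKey(leaked), len(leaked))

	fixed := NewChip(key)
	for _, p := range payloads {
		fixed.Queue(p)
	}
	sent := fixed.DisassociateFixed()
	fmt.Printf("fixed ordering: %d of %d frames readable under the zero key\n",
		FramesUnderZeroKey(sent), len(sent))
}
```

Frames sent while the real key is in the slot fail authentication under the zero key, so the check reports zero for normal traffic and only flags the frames flushed after the key was cleared.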
Can the bug be fixed? Are my iPhone, iPad and Mac also affected?
As mentioned above, various devices are affected by the vulnerability, including Apple devices. Manufacturers can, however, counteract "Kr00k" with a software or firmware update. Apple has already taken action and secured iPhones, iPads and Macs: according to its release notes, iOS 13.2 and iPadOS 13.2, as well as macOS 10.15.1 or later, contain defenses that render "Kr00k" harmless.
(Photo by World Image / Bigstockphoto)