Unknown vulnerability in wi-fi chips
Research has shown that more than a million devices are at risk. Specifically, ESET researchers have discovered Kr00k (CVE-2019-15126), a hitherto unknown vulnerability in Wi-Fi chips used in client devices, Wi-Fi access points, and routers.
The Kr00k vulnerability causes an affected device to encrypt its network communication with an "all-zero" encryption key, enabling an attacker to decrypt the wireless network packets it transmits and read their contents.
The discovery of Kr00k is linked to an earlier ESET investigation into security gaps in the Amazon Echo that left it open to KRACK (Key Reinstallation Attack) vulnerabilities. Kr00k is related to KRACK but shows fundamental differences. While analyzing KRACK, ESET researchers found that Kr00k was one of the factors responsible for the "reinstallation" of an "all-zero" encryption key observed during KRACK testing. Following this investigation, most major device makers released patches.
Kr00k is especially dangerous because it affects over a billion Wi-Fi enabled devices, and this number is a conservative estimate. ESET will present its research on this vulnerability for the first time on February 26 at the RSA Conference 2020.
Kr00k affects all unpatched devices with Broadcom and Cypress Wi-Fi chips. These are the most common Wi-Fi chips used in client devices today. Wi-Fi access points and routers are also vulnerable, which means that even environments whose client devices have been patched remain at risk.
ESET examined and confirmed that vulnerable devices include client devices from Amazon (Echo, Kindle), Apple (iPhone, iPad, MacBook), Google (Nexus), Samsung (Galaxy), Raspberry Pi (Pi 3) and Xiaomi (Redmi), as well as access points from Asus and Huawei.
ESET reported the vulnerability to the chip makers Broadcom and Cypress, who subsequently released patches. The company also worked with the Industry Consortium for Advancement of Security on the Internet (ICASI) to inform all stakeholders about Kr00k, both device makers using the vulnerable chips and other manufacturers who may be affected. According to the information available to ESET, major manufacturers' devices have now received patches.
"Kr00k appears after a disconnection from Wi-Fi, something that can happen very naturally, for example because of a weak Wi-Fi signal, or that can be caused by an intruder. If an attack is successful, several kilobytes of potentially sensitive information can be exposed," explains Milos Cermak, head of ESET's investigation into the Kr00k vulnerability, adding that "by repeatedly triggering disconnections, an attacker can collect network packets with potentially sensitive data."
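The quote above points at the one observable a network defender has: a single disconnection is normal, but a burst of disassociation or deauthentication events aimed at one client within a short window is not. The following added example (written for this page, not ESET's code or tooling) shows a small sliding-window detector over such events. The log format it parses is a constructed, hypothetical one (timestamp, event type, client MAC, reason code); real WIDS or hostapd logs differ and need their own parser. Patching the affected chips remains the mitigation; this only helps spot the trigger.

```python
"""Flag bursts of Wi-Fi disassociation/deauthentication events per client.

Added example for illustration, not part of the original article. The log
format below is constructed and hypothetical; adapt LINE_RE to your own
access point or WIDS output."""

from collections import defaultdict, deque
from datetime import datetime, timedelta
import re

# Constructed sample log (hypothetical format), not real captured data.
# Client ...:01 is hit by four disconnects in nine seconds; client ...:02
# sees two disconnects several minutes apart, which is ordinary roaming.
SAMPLE_LOG = """\
2020-02-26T10:00:01 DISASSOC client=aa:bb:cc:dd:ee:01 reason=8
2020-02-26T10:00:03 ASSOC    client=aa:bb:cc:dd:ee:01
2020-02-26T10:00:04 DEAUTH   client=aa:bb:cc:dd:ee:01 reason=7
2020-02-26T10:00:06 ASSOC    client=aa:bb:cc:dd:ee:01
2020-02-26T10:00:07 DISASSOC client=aa:bb:cc:dd:ee:01 reason=8
2020-02-26T10:00:09 ASSOC    client=aa:bb:cc:dd:ee:01
2020-02-26T10:00:10 DEAUTH   client=aa:bb:cc:dd:ee:01 reason=7
2020-02-26T10:00:30 DISASSOC client=aa:bb:cc:dd:ee:02 reason=8
2020-02-26T10:05:00 DISASSOC client=aa:bb:cc:dd:ee:02 reason=3
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<event>DISASSOC|DEAUTH|ASSOC)\s+client=(?P<mac>[0-9a-fA-F:]{17})"
)

DISCONNECT_EVENTS = ("DISASSOC", "DEAUTH")


def parse_events(log_text):
    """Yield (timestamp, event, mac) for every line matching the format."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines in other formats instead of failing
        yield datetime.fromisoformat(m["ts"]), m["event"], m["mac"].lower()


def find_disconnect_bursts(log_text, threshold=3, window=timedelta(seconds=30)):
    """Return {mac: peak_count} for clients that accumulate at least
    `threshold` disconnect events inside any sliding `window`."""
    recent = defaultdict(deque)  # mac -> timestamps of disconnects in window
    peak = {}
    for ts, event, mac in parse_events(log_text):
        if event not in DISCONNECT_EVENTS:
            continue
        q = recent[mac]
        q.append(ts)
        while q and ts - q[0] > window:  # drop events outside the window
            q.popleft()
        if len(q) >= threshold:
            peak[mac] = max(peak.get(mac, 0), len(q))
    return peak


if __name__ == "__main__":
    for mac, count in find_disconnect_bursts(SAMPLE_LOG).items():
        print(f"{mac}: {count} disconnects within 30s, investigate")
```

The threshold and window are deliberately conservative defaults; tune them against a baseline of your own network, since weak-signal roaming on a busy floor produces legitimate clusters of disassociations, and correlate a hit with the reason codes and the access point that logged it before treating it as hostile.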