Security researchers at ESET have discovered a high-severity Wi-Fi flaw dubbed ‘Kr00k’ which has affected more than a billion devices, including smartphones, PCs, and other IoT devices.
‘Kr00k’ is a chip-level security flaw affecting the Wi-Fi chips manufactured by Broadcom and Cypress. By exploiting the flaw, a hacker can eavesdrop on anyone’s encrypted Wi-Fi traffic.
Tagged as CVE-2019-15126, the ‘Kr00k’ security vulnerability gets its name from 2017’s infamous KRACK (Key Reinstallation Attacks), which affected the WPA and WPA2 protocols used for securing Wi-Fi communication.
Researchers found that the Kr00k flaw has affected several products from Apple (iPhone, iPad, Macs), Amazon’s Echo and Kindle products, smartphones from Samsung, Google and Xiaomi, and Raspberry Pi 3.
How Does the ‘Kr00k’ Flaw Work?
When a device connects to a Wi-Fi access point (AP), the process is called association, and when it disconnects from an AP, it is called disassociation.
The Kr00k flaw manifests itself after a hacker manually triggers disassociation. The session key in the affected chip is cleared and set to zero, but data frames still waiting in the chip’s transmission buffer are sent out encrypted with that all-zero key.
According to ESET security researchers: “These data frames can be captured by an adversary and subsequently decrypted. By repeatedly triggering disassociations (effectively causing reassociations, as the session will usually reconnect), the attacker can capture more data frames.”
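Because the attack depends on repeatedly forcing disassociations, a burst of disassociation events for one client is a signal defenders can watch for. The following is an added example, not code from ESET or from the original article; the log format, the `DISASSOC` event name, the threshold and the window are all assumptions, and the sample lines are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in a hypothetical "<ISO time> <EVENT> sta=<MAC>" format.
# Real AP or controller logs differ; adapt parse() to what yours actually emit.
SAMPLE_LOG = """\
2020-03-01T10:00:10 DISASSOC sta=AA:BB:CC:00:00:01
2020-03-01T10:00:12 ASSOC sta=AA:BB:CC:00:00:01
2020-03-01T10:00:25 DISASSOC sta=AA:BB:CC:00:00:01
2020-03-01T10:00:27 ASSOC sta=AA:BB:CC:00:00:01
2020-03-01T10:00:40 DISASSOC sta=AA:BB:CC:00:00:01
2020-03-01T10:05:00 DISASSOC sta=AA:BB:CC:00:00:02
2020-03-01T10:20:00 DISASSOC sta=AA:BB:CC:00:00:02
2020-03-01T10:40:00 DISASSOC sta=AA:BB:CC:00:00:02
garbage line
"""

def parse(line):
    """Return (timestamp, event, station) or None for lines that do not match."""
    parts = line.split()
    if len(parts) != 3 or not parts[2].startswith("sta="):
        return None
    try:
        ts = datetime.fromisoformat(parts[0])
    except ValueError:
        return None
    return ts, parts[1], parts[2][4:].lower()

def disassoc_bursts(lines, threshold=3, window=timedelta(seconds=60)):
    """Map station -> time of first alert for stations that reach `threshold`
    DISASSOC events inside a sliding `window`. Lines must be in time order."""
    recent = defaultdict(deque)   # station -> timestamps still inside the window
    alerts = {}
    for line in lines:
        rec = parse(line)
        if rec is None or rec[1] != "DISASSOC":
            continue
        ts, _, sta = rec
        q = recent[sta]
        q.append(ts)
        while ts - q[0] > window:  # drop events that have aged out of the window
            q.popleft()
        if len(q) >= threshold and sta not in alerts:
            alerts[sta] = ts
    return alerts

if __name__ == "__main__":
    for sta, ts in disassoc_bursts(SAMPLE_LOG.splitlines()).items():
        print(f"{ts.isoformat()} repeated disassociation of {sta}")
```

Roaming and weak signal also cause disassociations, so a hit is a prompt to check that client's and AP's firmware level, not proof of an attack.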
Even though the security vulnerability exists at the hardware level, the researchers say that it can be fixed with a software update. The fix would make sure that the transmission buffer is not set to zero after disassociation, and the data is dumped altogether.
In the demonstration at RSA Conference 2020, researchers showed how hackers could even retrieve passwords of non-vulnerable devices if they are connected to APs affected by the Kr00k flaw.
List of Devices Affected by Kr00k
Researchers have tested the following devices and confirmed that they are affected by the Kr00k flaw:
- Amazon Echo 2nd gen
- Amazon Kindle 8th gen
- Apple iPad Mini 2
- Apple iPhone 6, 6S, 8, XR
- Apple MacBook Air Retina 13-inch 2018
- Google Nexus 5
- Google Nexus 6
- Google Nexus 6S
- Raspberry Pi 3
- Samsung Galaxy S4 GT-I9505
- Samsung Galaxy S8
- Xiaomi Redmi 3S
ESET disclosed the vulnerability to Broadcom and Cypress, and the manufacturers say that they have released a patch for it. We recommend that readers keep an eye out for the firmware update and install it as soon as it arrives.