SET computer researchers have discovered a cybersecurity bug plaguing Wi-Fi devices. Millions of smartphones at risk
It's called "Kr00k" the latest threat that puts the security of more than a million Wi-Fi devices that integrate chips made by Broadcom and Cypress at risk. It was discovered by ESET researchers, who assigned it the code CVE-2019-15126.
The researchers showed that, due to this flaw, a hacker attack can succeed in decrypting at least part of the packets transmitted by these devices through a Wi-Fi network. The biggest problem comes from the fact that there are not only smartphones and PCs on the market that integrate these vulnerable chips, but also routers and access points. And this makes the entire Wi-Fi network managed by these devices insecure. Luckily, most of the Wi-Fi device manufacturers integrating Broadcom and Cypress chips have already released their respective patches to fix the Kr00k flaw, but it's clear that the devices that need to be updated are a huge number.
Kr00k vulnerability: how it works
The Wi-Fi device security flaw called Kr00k is related to another flaw, called KRACK (Key Reinstallation Attacks) discovered by imec-DistriNet researcher Mathy Vanhoef in 2017, but it also has peculiar features that make devices previously patched for KRACK still vulnerable to Kr00k. The vulnerability affects both WPA2-Personal and WPA2-Enterprise protocols, with AES-CCMP encryption.
When a device is "associated" and "unassociated" to a Wi-Fi network, the WPA2 security key, which is required for authentication, is exchanged. During the procedure, at some point, a temporary key is also exchanged, which is saved inside the chip and then deleted by overwriting a sequence of zeros. Unfortunately, the data stored in this step can be decrypted due to the Kr00k flaw.
Which devices are affected by Kr00k
The chips affected by this vulnerability are among the most common in Wi-Fi enabled devices. Only at a first reconnaissance, ESET found such chips inside Amazon (Echo, Kindle), Apple (iPhone, iPad, MacBook), Google (Nexus), Samsung (Galaxy), Raspberry (Pi 3), Xiaomi (RedMi), and in some access points of Asus and Huawei devices. The total of these devices already sold and circulating exceeds one billion, but ESET itself warns that this is a conservative estimate and that there may be many more vulnerable devices that do not fall under this first census.