ESET researchers have discovered Kr00k (CVE-2019-15126), a previously unknown vulnerability in Wi-Fi chips used in many client devices, Wi-Fi access points and routers.
Kr00k is a vulnerability that causes the network communication of an affected device to be encrypted with an all-zero encryption key. In a successful attack, this allows an adversary to decrypt wireless network packets.
The discovery of Kr00k follows previous ESET research into the Amazon Echo being vulnerable to KRACKs (Key Reinstallation Attacks). Kr00k is related to KRACK, but is also fundamentally different.
During the investigation into KRACK, ESET researchers identified Kr00k as one of the causes behind the “reinstallation” of an all-zero encryption key observed in tests for KRACK attacks. Subsequent to their research, most major device manufacturers have released patches.
CVE-2019-15126 is particularly dangerous because it has affected over a billion Wi-Fi enabled devices – a conservative estimate.
Kr00k affects all devices with Broadcom and Cypress Wi-Fi chips that remain unpatched. These are the most common Wi-Fi chips used in today’s client devices.
Wi-Fi access points and routers are also affected by the vulnerability, making even environments with patched client devices vulnerable. ESET tested and confirmed that among the vulnerable devices were client devices by Amazon (Echo, Kindle), Apple (iPhone, iPad, MacBook), Google (Nexus), Samsung (Galaxy), Raspberry (Pi 3) and Xiaomi (Redmi), as well as access points by Asus and Huawei.
ESET responsibly disclosed the vulnerability to the chip manufacturers Broadcom and Cypress, who subsequently released patches. They also worked with the Industry Consortium for Advancement of Security on the Internet (ICASI) to ensure that all possibly affected ..