The IT security researchers at ESET have disclosed a new vulnerability named Kr00k [PDF] in FullMAC WLAN chips manufactured by Broadcom and Cypress.
Referenced as CVE-2019-15126; the vulnerability places over a billion devices at risk which include popular ones such as Amazon Echo, Apple’s suite of devices, Google Nexus, Samsung Galaxy and other portable devices. A complete list of the devices tested inside ESET’s lab are as follows:
• Amazon Echo 2nd gen• Amazon Kindle 8th gen• Apple iPad mini 2• Apple iPhone 6, 6S, 8, XR• Apple MacBook Air Retina 13-inch 2018• Google Nexus 5• Google Nexus 6• Google Nexus 6S• Raspberry Pi 3• Samsung Galaxy S4 GT-I9505• Samsung Galaxy S8• Xiaomi Redmi 3S
How the vulnerability helps attackers is by letting them intercept someone’s network packets on a Wi-Fi network that they’re physically close to and then decrypt them to access the data contained within even if it is uncertain what this data would comprise of.
Example of captured WLAN traffic that was divulged due to the Kr00k vulnerability – Image credit: ESET
It is important to note though that attackers do not need to be connected to your Wi-Fi network in itself. To see if your device is vulnerable, it needs to be using WPA2 (Wi-Fi Protected Access) – Personal or the Enterprise protocols with CCMP encry ..
Support the originator by clicking the read the rest link below.
