ESET researchers uncover a previously unknown security flaw allowing an adversary to decrypt some wireless network packets transmitted by vulnerable devices
ESET Research has published its latest white paper, KrØØk – CVE-2019-15126: Serious vulnerability deep inside your Wi-Fi encryption. This blogpost summarizes that white paper, authored by researchers Miloš Čermák, Robert Lipovský and Štefan Svorenčík. For more information, readers can also refer to our dedicated webpage.
ESET researchers discovered a previously unknown vulnerability in Wi-Fi chips and named it KrØØk. This serious flaw, assigned CVE-2019-15126, causes vulnerable devices to use an all-zero encryption key to encrypt part of the user’s communication. In a successful attack, this allows an adversary to decrypt some wireless network packets transmitted by a vulnerable device.
KrØØk affects devices with Wi-Fi chips by Broadcom and Cypress that haven’t yet been patched. These are the most common Wi-Fi chips used in contemporary Wi-Fi capable devices such as smartphones, tablets, laptops, and IoT gadgets.
Not only client devices but also Wi-Fi access points and routers with Broadcom chips were affected by the vulnerability, thus making many environments with unaffected or already patched client devices vulnerable anyway.
Our tests confirmed that prior to patching, some client devices by Amazon (Echo, Kindle), Apple (iPhone, iPad, MacBook), Google (Nexus), Samsung (Galaxy), Raspberry (Pi 3), Xiaomi (RedMi), as well as some access points by Asus and Huawei, were vulnerable to KrØØk. This totaled to over a billion Wi-Fi-capable devices and access points, at a conservative estimate. Further, many other vendors whose products we did not test also u ..
Support the originator by clicking the read the rest link below.
