Kr00k, KRACK, and the Seams in Wi-Fi, IoT Encryption

Black Hat talk expands on research that uncovered more weaknesses in Wi-Fi chips allowing for the unauthorized decryption of traffic.

Earlier this year, two ESET researchers disclosed a flaw in processor chips powering over 1 billion Wi-Fi and Internet of Things (IoT) devices that would make it easy for attackers to snoop on encrypted traffic. Last week at Black Hat, the researchers explained that the attack surface for these kinds of flaws is broader than they initially thought and that the weakness is present in several other popular chipsets, which could put even more IoT and Wi-Fi devices at risk.


Dubbed "Kr00k" by researchers Robert Lipovsky and Stefan Svorencik, the flaw in question occurs in how Wi-Fi chips handle the four-way handshake that takes place between a device and an access point to set up WPA2 encryption. When devices associate and disassociate with a network, the handshake process governs authentication and how cryptographic keys are exchanged as a connection between device and access point is established and torn down.


Kr00k is a flaw in how the chips handle WLAN session disassociation: they overwrite the encryption key with all zeros in the expectation that no further data will be transmitted after disassociation. The expectation is that when the device reassociates in a new session, a new encryption key will be negotiated and encryption will remain seamless.
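As an added illustration (not from the article or from ESET's research), the following Python model of a station chip's transmit buffer shows the failure mode described above: the temporal key is zeroed on disassociation, but frames still queued for transmission are pushed out encrypted under that all-zero key. The cipher is a constructed HMAC-based stand-in for CCMP, not real 802.11 code; the patched variant discards queued frames before clearing the key, and the monitor-side check flags any frame whose integrity tag verifies under the zero key.

```python
import hashlib
import hmac
from dataclasses import dataclass, field

ZERO_TK = bytes(16)  # the all-zero temporal key a disassociated chip is left holding


def _stream(tk: bytes, nonce: bytes, n: int) -> bytes:
    """Constructed keystream (HMAC-SHA256 counter mode) standing in for CCMP's AES-CTR."""
    blocks = (n + 31) // 32
    return b"".join(hmac.new(tk, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                    for i in range(blocks))[:n]


def toy_seal(tk: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """Encrypt payload and append an 8-byte integrity tag (toy analogue of the CCMP MIC)."""
    body = bytes(p ^ k for p, k in zip(plaintext, _stream(tk, nonce, len(plaintext))))
    return body + hmac.new(tk, nonce + body, hashlib.sha256).digest()[:8]


def toy_open(tk: bytes, nonce: bytes, frame: bytes):
    """Return the plaintext if the tag verifies under tk, otherwise None."""
    body, tag = frame[:-8], frame[-8:]
    if not hmac.compare_digest(tag, hmac.new(tk, nonce + body, hashlib.sha256).digest()[:8]):
        return None
    return bytes(c ^ k for c, k in zip(body, _stream(tk, nonce, len(body))))


@dataclass
class WifiChip:
    """Model of a station chip: current TK, packet-number counter and a TX queue."""
    tk: bytes
    patched: bool
    tx_buffer: list = field(default_factory=list)
    pn: int = 0

    def queue(self, payload: bytes) -> None:
        self.tx_buffer.append(payload)

    def _transmit(self, payload: bytes):
        self.pn += 1
        nonce = self.pn.to_bytes(6, "big")
        return nonce, toy_seal(self.tk, nonce, payload)

    def disassociate(self) -> list:
        """Zero the TK as the article describes, then flush the queue; returns frames on air."""
        if self.patched:
            self.tx_buffer.clear()  # fix: discard queued frames before the key is cleared
        self.tk = ZERO_TK
        sent = [self._transmit(p) for p in self.tx_buffer]  # bug: flushed under the zero key
        self.tx_buffer.clear()
        return sent


def zero_key_frames(on_air: list) -> list:
    """Monitor-side check: frames that verify under the all-zero TK were sent in the Kr00k state."""
    return [pt for nonce, f in on_air if (pt := toy_open(ZERO_TK, nonce, f)) is not None]
```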


"This is expected behavior as no further data is supposed to be transmitted after disassociation. And it stays that way until a new session is generated after the new reassociation and the new four-way handshake," explained Lipovsky during the "Kr00k: Serious Vulnerability Affected Encryption of Billion+ Wi-Fi ..
