ESET discovers a Wi-Fi vulnerability that could affect 1 billion devices

Every day, billions of devices connect to the Internet over Wi-Fi networks that carry credentials and sensitive data.

That data could be exposed by a new vulnerability, present in more than 1 billion devices, that ESET's team of researchers has discovered.

According to a statement from the security software company, Kr00k is a vulnerability that causes the network communication of an affected device to be encrypted with an altered encryption key composed entirely of zeros. In a successful attack, this vulnerability allows an attacker to decrypt network packets sent wirelessly.

The discovery of Kr00k builds on ESET's earlier research into the Amazon Echo and its vulnerability to KRACK (Key Reinstallation Attacks).

Following up on that vulnerability in Amazon devices, the researchers discovered the new vulnerability, which is closely related to KRACK but differs from it in fundamental ways. ESET researchers identified Kr00k as one of the causes behind the reinstallation of an encryption key composed only of zeros observed in the KRACK attack tests. These all-zero keys would make it possible to disable network encryption, allowing access to the confidential packets being transmitted.

This new vulnerability affects all devices with Broadcom and Cypress Wi-Fi chips that have not been updated with the corresponding security patches.

Both companies manufacture chips for all types of devices, so their chips are present in devices from Amazon (Echo, Kindle), Apple (iPhone, iPad, MacBook), Google (Nexus), Samsung (Galaxy), Raspberry (Raspberry Pi 3) and Xiaomi (Redmi), as well as in access points from Asus and Huawei.

Since the research was announced, most of the major manufacturers of affected devices have released patches that fix the vulnerability. Kr00k is particularly dangerous because, by conservative estimates, it would have affected more than a billion Wi-Fi-enabled devices.

The researchers also examined Wi-Fi chips made by other manufacturers, such as Qualcomm, Realtek, Ralink and Mediatek, to see whether they are also affected, but the results were negative.
