Billion-plus Wi-Fi devices hit by Kr00k vulnerability

The flaw chiefly affects Broadcom and Cypress Wi-Fi chips and is related to the infamous KRACK attacks

A serious vulnerability in more than a billion Wi-Fi devices fitted with chips made by Broadcom and Cypress, among others, could allow an attacker to decrypt wireless network packets and intercept web traffic. 

The flaw, assigned CVE-2019-15126 and dubbed Kr00k, causes Wi-Fi devices to revert to an encryption key comprising just zeroes to secure part of the user’s communication.


Attackers can exploit the Kr00k bug by artificially extending the period in which the all-zero encryption key is in use, allowing them to decrypt Wi-Fi packets.

A vast number of devices are affected, according to researchers with ESET, including smart home units and smartphones, as well as the Raspberry Pi 3. These are in addition to Wi-Fi routers and access points with Broadcom chips.

Staggeringly, more than a billion devices using the WPA2-Personal and WPA2-Enterprise protocols with AES-CCMP encryption are affected by Kr00k, although this is still a “conservative estimate”.

“While the source of the bug lies in the Wi-Fi chips, fortunately, it can be mitigated through software or firmware updates,” the researchers said in a paper.

“According to some vendor publications and our own (non-comprehensive) tests, devices should have received patches for the vulnerability by the time of publication.


“Depending on the device type, this might only mean ensuring the latest OS or software updates are installed (Android, Apple and Windows devices; some IoT devices), but may require a firmware update (access points, routers and some IoT devices).”


The vulnerability manifests during the disassociation state in Wi-Fi devices, which is effectively a temporary disconnection that occurs naturally due to low signal, or when a device moves between access points.

During this state, the encryption key that Broadcom and Cypress Wi-Fi chips use to secure packets is reset to an all-zero value.

Attackers could, in practice, manually force an extended disassociation period before reassociation, capture the Wi-Fi packets sent during it, and use the Kr00k bug to decrypt that traffic, which is temporarily encrypted with the all-zero key.
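As an added example (not from the article or from ESET's paper), one way a defender could flag the forced disassociation described above is to look for bursts of disassociation frames aimed at a single client in a wireless capture. The frame records, MAC addresses, window and threshold below are constructed assumptions.

```python
from collections import defaultdict, deque

# IEEE 802.11 management frame subtype for disassociation.
DISASSOC_SUBTYPE = 10


def find_disassoc_bursts(frames, window=10.0, threshold=5):
    """Return {(bssid, client): peak_count} for every AP/client pair that saw
    at least `threshold` disassociation frames within `window` seconds.

    `frames` is an iterable of (timestamp, subtype, src, dst, bssid) tuples,
    e.g. exported from a monitor-mode capture (hypothetical record layout).
    """
    recent = defaultdict(deque)   # (bssid, client) -> timestamps in window
    peaks = {}
    for ts, subtype, src, dst, bssid in sorted(frames):
        if subtype != DISASSOC_SUBTYPE:
            continue
        # The client is whichever address is not the access point (BSSID).
        client = dst if src == bssid else src
        key = (bssid, client)
        q = recent[key]
        q.append(ts)
        # Drop timestamps that have fallen out of the sliding window.
        while ts - q[0] > window:
            q.popleft()
        if len(q) >= threshold:
            peaks[key] = max(peaks.get(key, 0), len(q))
    return peaks


# Constructed sample data: locally administered MAC addresses.
AP = "02:00:00:00:00:01"
A = "02:00:00:00:00:aa"   # roams once: a single, natural disassociation
B = "02:00:00:00:00:bb"   # receives eight disassociations in four seconds
SAMPLE_FRAMES = (
    [(0.0, 8, AP, "ff:ff:ff:ff:ff:ff", AP),   # beacon, ignored
     (3.0, DISASSOC_SUBTYPE, A, AP, AP)]
    + [(20.0 + 0.5 * i, DISASSOC_SUBTYPE, AP, B, AP) for i in range(8)]
)

if __name__ == "__main__":
    for (bssid, client), count in find_disassoc_bursts(SAMPLE_FRAMES).items():
        print(f"burst: {count} disassociation frames for {client} on {bssid}")
```

Because disassociation also happens naturally on low signal or roaming, the threshold should be tuned to the site's normal roaming rate; the check covers only the forced-disassociation step, and patching remains the fix.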

The flaw is similar in nature to the infamous KRACK (Key Reinstallation Attacks) exploit discovered in 2017. Although KRACK received widespread attention at the time, not all devices were fully patched. Kr00k is one of the possible causes behind the ‘reinstallation’ of an all-zero encryption key which was observed in the tests for KRACK attacks. 

There are a number of differences, however, namely that while KRACK was a series of attacks, Kr00k is a single vulnerability. KRACK, meanwhile, was triggered during the four-way handshake procedure in Wi-Fi devices, while Kr00k is triggered after disassociation.


The breadth of devices affected by KRACK is also much wider given it exploits implementation flaws in the WPA2 protocol itself, as opposed to Kr00k, which affects only the most common Wi-Fi chips manufactured by Broadcom and Cypress.

The bug affects FullMAC WLAN chips made by the two aforementioned companies. While Broadcom chips are used by the majority of Wi-Fi devices, Cypress chips are predominantly used in IoT devices.

ESET researchers tested a host of devices and found that those affected include the Apple iPad mini 2, the iPhone 6, 6S, 8 and XR, and the MacBook Air Retina 13in 2018.

A handful of Android smartphones were also affected, including Google Nexus 5, 6 and 6S, the Samsung Galaxy S8 and Xiaomi Redmi 3S. This is in addition to the 2nd-gen Amazon Echo and 8th-gen Kindle, as well as Raspberry Pi 3 devices.

The vulnerable access points that were tested include the Asus RT-N12, Huawei B512S-25d, EchoLife HG8245H and E5577Cs-321. 


“We estimate that the number of affected devices, prior to patching, was well over a billion as the billion mark is passed by counting only the number of affected iPhone generations we tested,” the researchers added.

“We have also tested some devices with Wi-Fi chips from other manufacturers, including Qualcomm, Realtek, Ralink, Mediatek and did not see the vulnerability manifest itself. 

“Obviously, we have not tested every possible Wi-Fi chip by every manufacturer, so while we are currently not aware of other affected chips, we also cannot rule this out.”

The researchers also recommended that organisations update devices with Broadcom or Cypress chips, both client devices and access points, to the latest software versions.

They added that patches for devices by major manufacturers should have been released by now, including for phones, tablets, laptops, IoT devices, access points and routers.

Moreover, manufacturers using Broadcom or Cypress chips should check with these companies that their devices have been patched.
