Billion-plus Wi-Fi devices hit by Kr00k vulnerability

The flaw chiefly affects Broadcom and Cypress Wi-Fi chips and is related to the infamous KRACK attacks

A serious vulnerability in more than a billion Wi-Fi devices fitted with chips made by Broadcom and Cypress, among others, could allow an attacker to decrypt wireless network packets and intercept web traffic. 

The flaw, assigned CVE-2019-15126 and dubbed Kr00k, causes Wi-Fi devices to revert to an encryption key comprising just zeroes to secure part of the user’s communication.

Advertisement - Article continues below

Hackers can exploit this by using the Kr00k bug while artificially extending the period in which an all-zero encryption key is in use in order to decrypt Wi-Fi packets.

A vast number of devices are affected, according to researchers with ESET, including smart home units, smartphones, as well as the Raspberry Pi 3. These are in addition to Wi-Fi routers and access points with Broadcom chips. 

Staggeringly, more than a billion devices with WPA2-Personal and WPA2-Enterprise protocols with AES-CCMP encryption are affected by Kr00K, although this is still a “conservative estimate”. 

“While the source of the bug lies in the Wi-Fi chips, fortunately, it can be mitigated through software or firmware updates,” the researchers said in a paper.

“According to some vendor publications and our own (non-comprehensive tests), devices should have received patches for the vulnerability by the time of publication. 

Advertisement
Advertisement - Article continues below

“Depending on the device type, this might only mean ensuring the latest OS or software updates are installed (Android, Apple and Windows devices; some IoT devices), but may require a firmware update (access points, routers and some IoT devices).”

Advertisement - Article continues below

The vulnerability manifests during the disassociation state in Wi-Fi devices, which is effectively a temporary disconnection that occurs naturally due to low signal, or when a device moves between access points.

During this state, the encryption key used to secure packets, in Broadcom and Cypress Wi-Fi chips, is reset to an all-zero value. 

Attackers could, in practice, manually force an extended dissociation period, before reassociation, to receive Wi-Fi packets and use the Kr00k bug to decrypt Wi-Fi traffic which, temporarily, uses the all-zero encryption key.

The flaw is similar in nature to the infamous KRACK (Key Reinstallation Attacks) exploit discovered in 2017. Although KRACK received widespread attention at the time, not all devices were fully patched. Kr00k is one of the possible causes behind the ‘reinstallation’ of an all-zero encryption key which was observed in the tests for KRACK attacks. 

There are a number of differences, however, namely that while KRACK was a series of attacks, Kr00k, is a single vulnerability. KRACK, meanwhile, was triggered during the four-way handshake procedure in Wi-Fi devices, while Kr00k is triggered after dissociation. 

Advertisement - Article continues below

The breadth of devices by KRACK is also much wider given it exploits implementation flaws in the WPA2 protocol itself, as opposed to Kr00k, which affects only the most common Wi-Fi chips manufactured by Broadcom and Cypress. 

The bug affects FullMAC WLAN chips, by the two aforementioned companies. While Broadcom chips are used by the majority of Wi-Fi devices, Cypress chips are predominately used in IoT devices.

ESET researchers tested a host of devices and found that among those affected include the Apple iPad mini 2 as well as iPhone 6, 6S, 8 and XR, as well the MacBook Air Retina 13in 2018.

A handful of Android smartphones were also affected, including Google Nexus 5, 6 and 6S, the Samsung Galaxy S8 and Xiaomi Redmi 3S. This is in addition to the 2nd-gen Amazon Echo and 8th-gen Kindle, as well as Raspberry Pi 3 devices.

Related Resource

Application modernisation field guide

It’s time to modernise your application portfolio

Download now

The vulnerable access points that were tested include the Asus RT-N12, Huawei B512S-25d, EchoLife HG8245H and E5577Cs-321. 

Advertisement - Article continues below

“We estimate that the number of affected devices, prior to patching, was well over a billion as the billion mark is passed by counting only the number of affected iPhone generations we tested,” the researchers added.

“We have also tested some devices with Wi-Fi chips from other manufacturers, including Qualcomm, Realtek, Ralink, Mediatek and did not see the vulnerability manifest itself. 

“Obviously, we have not tested every possible Wi-Fi chip by every manufacturer, so while we are currently not aware of other affected chips, we also cannot rule this out.”

The researchers have also recommended that organisations should update devices with Broadcom or Cypress chips to the latest software versions, including both client devices as well as access points. 

They added that patches for devices by major manufacturers should have been released by now, including for phones, tablets, laptops, IoT devices, access points and routers.

Moreover, manufacturers using Broadcom or Cypress chips should check with these companies that their devices have been patched.

Featured Resources

Staying ahead of the game in the world of data

Create successful marketing campaigns by understanding your customers better

Download now

Remote working 2020: Advantages and challenges

Discover how to overcome remote working challenges

Download now

Keep your data available with snapshot technology

Synology’s solution to your data protection problem

Download now

After the lockdown - reinventing the way your business works

Your guide to ensuring business continuity, no matter the crisis

Download now
Advertisement
Advertisement

Recommended

Zyxel Unified Pro WAX650S review: A tempting Wi-Fi-6 upgrade
wifi & hotspots

Zyxel Unified Pro WAX650S review: A tempting Wi-Fi-6 upgrade

30 Jul 2020
How to create a mobile hotspot
wifi & hotspots

How to create a mobile hotspot

17 Jun 2020
Businesses are building their future with 5G and Wi-Fi 6 in mind
5G

Businesses are building their future with 5G and Wi-Fi 6 in mind

1 Jun 2020
Intel releases Wi-Fi and Bluetooth driver updates for Windows 10
Network & Internet

Intel releases Wi-Fi and Bluetooth driver updates for Windows 10

26 May 2020

Most Popular

How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

3 Aug 2020
How do you build a great customer experience?
Sponsored

How do you build a great customer experience?

20 Jul 2020
Labour Party donors caught up in Blackbaud data breach
data breaches

Labour Party donors caught up in Blackbaud data breach

31 Jul 2020