A bug in several WiFi chips makes it possible to intercept a small amount of data from many different devices. Security company ESET has found the vulnerability in smartphones, speakers and routers, among others.
It concerns Wi-Fi chips from Broadcom and Cypress, ESET reports in the white paper. According to the security company, these are in any case in the iPhone 6, 6s, 8 and XR, but also in the Samsung Galaxy S8 and various older phones. It is unknown how many devices with the chips there are exactly. The chips are also in an old iPad, various Amazon Kindle devices, Amazon Echo 2nd Gen, Raspberry Pi 3 and MacBook Air 2018. The vulnerability is also present in three Huawei routers and a model from Asus, but many other routers do not have it. . In total, it could be billions of devices, but based on the iPhones tested alone, there are at least a billion devices that had the leak.
The vulnerability, which ESET has named Kr00k, occurs when the Wi-Fi connection is lost. The chip then resets the encryption key to all zeros – hence the zeros in Kr00k’s name – and sends the data in the buffer anyway. Each time it concerns a few kilobytes of data. That works on regular wpa2 connections and the data corresponds to what you might see on a Wi-Fi network without encryption. This means that, for example, passwords that pass over the network via TLS are unreadable. As a result, the potential of the attack does not seem that great.
Broadcom and Cypress are aware and have a fix. It is now in many devices, but some of the affected devices are too old to receive a fix, leaving them vulnerable to this vulnerability. ESET will present the details of the leak at this week’s RSA Conference 2020. Kr00k is affiliated with the earlier Krack, of which ESET shared details in October last year.
|Tested and Affected Devices||Smartphones||Tablets||Other devices||routers|
|apple||iPhone 6, 6s, 8, XR||iPad mini 2||MacBook Air 2018|
|Samsung||Galaxy S4, Galaxy S8|
|Others||Google Nexus 5, 6, 6p
Xiaomi Redmi 3s
|Raspberry Pi 3||Asus RT-N12