Posted on February 28, 2020 at 1:40 PM
Security researchers at the Slovak antivirus firm ESET will be presenting details about a new security flaw that affects Wi-Fi communication. The bug, known as Kr00k, can be exploited by attackers to capture and decrypt certain Wi-Fi network traffic.
Kr00k bug affects WiFi-enabled devices
As the researchers reported, Kr00k impacts all Wi-Fi-enabled devices running on Cypress and Broadcom Wi-Fi chips, which are two of the most popular Wi-Fi chipsets in the world. Most Wi-Fi-enabled devices have one of these chips, which makes the vulnerability very serious.
As a result, most devices, such as smart speakers, access points, smartphones, laptops, and other IoT devices, may be affected.
ESET researchers revealed that they have tested and verified that the vulnerability affects devices from Raspberry, Samsung, Google, Apple, Amazon, as well as access points from Huawei and Asus.
In a statement, the researchers said about 1 billion devices could be affected by the Kr00k vulnerability, and the real number could be even higher than that.
Technically, Kr00k is just like other bugs discovered daily in various software. However, Kr00k affects devices in a different way: it affects the encryption used to secure data packets sent over Wi-Fi connections.
Generally, the data packets are encrypted with a unique key that depends on the user's Wi-Fi password.
But the researchers pointed out that on the Cypress and Broadcom Wi-Fi chips, the key is reset to an all-zero value during a procedure known as "disassociation." The term refers to a temporary disconnection that occurs naturally as a result of a low Wi-Fi signal.
Although the Wi-Fi packets were believed to be secure, the attack allows hackers to intercept and decrypt them.
On a positive note, the Kr00k vulnerability only affects Wi-Fi connections that use the WPA2-Enterprise or WPA1-Personal security protocols with AES-CCMP encryption. Users can protect themselves from the attack by using the WPA3 Wi-Fi authentication protocol.
Updates for most devices already available
ESET reiterated that it has informed Cypress and Broadcom of the vulnerability.
“According to some vendor publications and our own (non-comprehensive) tests, devices should have received patches for the vulnerability by the time of publication,” the ESET researchers stated.
The researchers said users can verify whether they have received the Kr00k patches by checking the device firmware/OS logs for fixes addressing CVE-2019-15126, the unique ID assigned to track the bug.
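The check described above can be scripted when many devices have to be reviewed. The following is an added example, not code from ESET or any vendor; the changelog text and its "Version X.Y.Z" header layout are constructed assumptions, and the function names are hypothetical.

```python
import re

CVE_ID = "CVE-2019-15126"  # Kr00k identifier given in the article

# Constructed sample changelog; the "Version X.Y.Z" header layout is an assumption.
SAMPLE_CHANGELOG = """\
Version 3.2.0 (2020-02-20)
- Improved roaming stability
Version 3.1.4 (2020-01-15)
- Wi-Fi chipset firmware update, fixes CVE-2019-15126
Version 3.1.3 (2019-11-02)
- Minor UI changes
"""

HEADER = re.compile(r"^Version\s+(\d+(?:\.\d+)*)", re.IGNORECASE)
CVE = re.compile(r"CVE-\d{4}-\d{4,}", re.IGNORECASE)


def parse_version(text):
    """Turn '3.10.0' into (3, 10, 0) so versions compare numerically."""
    return tuple(int(part) for part in text.split("."))


def cves_by_version(changelog):
    """Map each release (as a version tuple) to the set of CVE IDs it mentions."""
    releases, current = {}, None
    for line in changelog.splitlines():
        match = HEADER.match(line.strip())
        if match:
            current = parse_version(match.group(1))
            releases.setdefault(current, set())
        elif current is not None:
            releases[current].update(c.upper() for c in CVE.findall(line))
    return releases


def kr00k_status(installed, changelog, cve=CVE_ID):
    """Return 'patched', 'unpatched' or 'unknown' for an installed version."""
    fixing = [v for v, ids in cves_by_version(changelog).items() if cve in ids]
    if not fixing:
        # The changelog never mentions the CVE: that is not evidence of a fix.
        return "unknown"
    return "patched" if parse_version(installed) >= min(fixing) else "unpatched"


if __name__ == "__main__":
    for version in ("3.1.3", "3.1.4", "3.2.0"):
        print(version, kr00k_status(version, SAMPLE_CHANGELOG))
```

An "unknown" result means the vendor's notes have to be checked by hand, since some vendors ship the fix without naming the CVE.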
The bug will not lead to a complete compromise
The ESET researchers also said that the Kr00k bug will not necessarily result in a complete compromise of the users' communications devices.
If the user's original communication is already encrypted, for instance by IM clients or via Tor, it will still be encrypted even after a Kr00k attack.
Also, the Kr00k bug cannot be exploited unless the attacker is in physical proximity to the attacked device. The bug cannot be used to capture large, long-winded communication streams without the users noticing problems with their Wi-Fi communications.
Bug less dangerous than KRACK
The researchers said that although the Kr00k bug has a negative impact on devices, it is less damaging than the KRACK vulnerability, which affected the Wi-Fi protocol. The KRACK vulnerability forced users and vendors to migrate to the WPA3 protocol by default.
It was later revealed that Dragonblood, which is a new KRACK attack, impacted most WPA connections. However, unlike the original KRACK attack, it did not affect Wi-Fi connections as a whole.
The researchers revealed that they found the Kr00k bug when they were looking into the impact of the KRACK attack. But the two attacks should not be treated as one. They said users and vendors should not treat the bugs as the same because they have different impacts on devices, with the KRACK bug having a more devastating effect.