ESET's Experimental Research and Detection Team discovered the Kr00k vulnerability, which allows unauthorized decryption of some WPA2-encrypted traffic.
What is Kr00k?
Kr00k, formally known as CVE-2019-15126, is a vulnerability in Broadcom and Cypress Wi-Fi chips that allows unauthorized decryption of some WPA2-encrypted traffic.
It affected billions of devices, potentially leaking sensitive data and opening a new attack vector for blackhats.
Who is affected?
The vulnerability affects all unpatched devices with Broadcom and Cypress FullMAC Wi-Fi chips. These are the most common Wi-Fi chips used in today’s client devices, made by well-known manufacturers including Amazon (Echo, Kindle), Apple (iPhone, iPad, MacBook), Google (Nexus), Samsung (Galaxy) as well as devices under many other brands.
Wi-Fi Access points and routers are also affected by Kr00k, making even environments with patched client devices vulnerable. All-in-all, before patching there were more than a billion affected devices. The vulnerability affects both WPA2-Personal and WPA2-Enterprise protocols, with AES-CCMP encryption.
How do you know if you are still vulnerable to Kr00k?
Make sure you have updated all your Wi-Fi capable devices, including phones, tablets, laptops, and Wi-Fi access points and routers, to the latest operating system, software and/or firmware versions. According to ESET's information, patches for devices by major manufacturers have been released by now.
ESET tested a number of popular devices with Broadcom and Cypress Wi-Fi chips and confirmed a manifestation of the Kr00k vulnerability. We have also tested some devices with Wi-Fi chips from other manufacturers, including Qualcomm, Realtek, Ralink and Mediatek, and did not see the vulnerability manifest itself.
The Kr00k vulnerability does not involve the Wi-Fi password: the security of the password itself is not affected, and changing it does not hamper an attacker trying to exploit the vulnerability.
It also does not affect devices using the WPA3 protocol.
As this vulnerability affects Wi-Fi chips used in devices manufactured by various vendors, the patching process involves both the chip manufacturers (Broadcom and Cypress), as well as the device manufacturers.
ESET responsibly disclosed the identified vulnerability to Broadcom and Cypress, who subsequently released patches to the individual device manufacturers.
KRACK Attacks on WPA2
In 2017, the KRACK weaknesses were found in the WPA2 protocol. An attacker within range of a victim can exploit these weaknesses using key reinstallation attacks (KRACKs). Concretely, attackers can use this novel attack technique to read information that was previously assumed to be safely encrypted.
Update your Firmware Now
According to some vendor publications and our own (non-comprehensive) tests, devices should have received patches for the vulnerability by the time of publication. Depending on the device type, this might only mean ensuring the latest Operating System or software updates are installed (Android, Apple and Windows devices, some IoT devices), but may require a firmware update (access points, routers and some IoT devices).
Thus, users and organizations should update devices with Broadcom or Cypress chips to the latest software versions; this includes both client devices and access points.
You can read the full Kr00k research paper here.