Billion iPhones, Galaxy phones, iPads and Kindles at risk from massive Kr00k Wi-Fi flaws

SAN FRANCISCO - Encryption is good for protecting data in transit, except when that data is encrypted with a key made of all zeros. Unfortunately, according to ESET researchers who disclosed the flaw at the RSA Conference here today (Feb. 26), a newly revealed Wi-Fi chip vulnerability does just that. The vulnerability could compromise Apple iPhones, iPads, and Macs; Amazon Echo and Kindle devices; Samsung Galaxy phones and tablets; the Raspberry Pi 3; older Google Nexus phones; and some Wi-Fi routers from Asus and Huawei, putting more than one billion consumer devices at risk.

ESET researchers named the flaw Kr00k (formally CVE-2019-15126) because of its similarity to the previous Key Reinstallation Attack (often referred to as KRACK).

The vulnerability exists in Wi-Fi chips manufactured by Broadcom and by Cypress, which acquired Broadcom's Internet of Things division in 2016, and affects devices that connect using the most common Wi-Fi security standard, WPA2.

Many device manufacturers have released software updates, so users should make sure their devices are updated to the latest version available. (Apple appears to have fixed this flaw in iOS 13.2 and macOS 10.15.1 Catalina.) However, it can be difficult to determine whether a router, for example, has the latest firmware.

A successful attack that exploits the vulnerability will force the targeted device, such as a smartphone, to disconnect from the Wi-Fi access point.

When the device automatically reconnects, the last few kilobytes of data from the previous Wi-Fi session are encrypted and sent again with an easy-to-guess all-zero encryption key instead of a complex, random encryption key.

Hackers can use Kr00k to force the device to repeatedly disconnect and reconnect, pushing more data into a less secure buffer. This will eventually provide enough data for the hacker to bypass the Wi-Fi network's encryption key and be able to read data from other users on the same Wi-Fi network.
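The mechanism the last three paragraphs describe can be modelled in a few lines. The toy Python model below is an added illustration, not ESET's code or any vendor's firmware: it stands in a hash-based stream cipher for CCMP, uses a constructed session key and a constructed frame, and contrasts an unpatched chip (which zeroes its key on disconnect but still drains its transmit buffer) with a hardened one that drops queued frames before the key is cleared. Class and function names are assumptions for this example.

```python
import hashlib
from dataclasses import dataclass, field

ZERO_KEY = bytes(16)  # the all-zero key an unpatched chip is left with after disassociation


def keystream(key: bytes, nonce: int, length: int) -> bytes:
    """Toy stream cipher standing in for CCMP: SHA-256(key || nonce || counter), expanded."""
    out = b""
    ctr = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce.to_bytes(8, "big") + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:length]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


@dataclass
class WifiChip:
    tek: bytes                        # session key negotiated in the WPA2 handshake
    flush_on_disassoc: bool = False   # hardening: discard queued frames when the key is cleared
    tx_buffer: list = field(default_factory=list)
    pn: int = 0                       # packet number, sent in the clear as the nonce

    def queue(self, plaintext: bytes) -> None:
        self.tx_buffer.append(plaintext)

    def disassociate(self) -> None:
        if self.flush_on_disassoc:
            self.tx_buffer.clear()    # nothing left to leak under the zeroed key
        self.tek = ZERO_KEY           # both variants clear the key on disconnect

    def drain(self) -> list:
        """Transmit whatever is queued; returns (nonce, ciphertext) pairs as seen over the air."""
        sent = []
        for pt in self.tx_buffer:
            self.pn += 1
            sent.append((self.pn, xor(pt, keystream(self.tek, self.pn, len(pt)))))
        self.tx_buffer.clear()
        return sent


def zero_key_guess(frames: list) -> list:
    """What a passive observer recovers by trying the all-zero key on each captured frame."""
    return [xor(ct, keystream(ZERO_KEY, pn, len(ct))) for pn, ct in frames]


SESSION_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")   # constructed for the example
FRAME = b"GET /account?session=abc123 HTTP/1.1"                  # constructed sample data
```

With a real key in place the zero-key guess yields garbage; after a forced disconnect on the unpatched chip the queued frame is recovered verbatim, while the hardened chip transmits nothing.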

ESET researchers have worked on this vulnerability for over a year and have confirmed that manufacturers using Broadcom and Cypress chips have developed and released patches for this vulnerability. This includes Amazon and Apple, but applying patches to the vast number of affected devices is complex.

On the other hand, according to ESET researchers, if consumers do not update their devices with the latest patches, they remain exposed to a relatively simple attack.

The risk of an exploit is considered relatively low because an attacker would need to be in physical proximity to the Wi-Fi router in order to force the device to disconnect from it. But that could be as simple as walking into a coffee shop and attacking the local network. Robert Lipovsky, senior malware researcher at ESET and one of Kr00k's principal researchers, warns that data in transit being compromised due to weaker encryption means consumers need to seriously consider patching their devices.

"Hackers can get usernames, passwords, session IDs, and anything else that is transmitted," he says.

One of the problems with relying on consumers to patch their devices is that not all devices patch automatically. Best practice is to enable automatic updates, as Apple devices do by default, but policies vary from manufacturer to manufacturer.

Lipovsky recommends that consumers manually check their devices and Wi-Fi routers to ensure that the latest updates are installed, as it is difficult to determine if vulnerabilities are being actively exploited.

"There's no way to know if it's being exploited in the wild," Lipovsky said.