{"id":735,"date":"2020-02-28T06:30:37","date_gmt":"2020-02-28T06:30:37","guid":{"rendered":"http:\/\/zerothcode.com\/blog\/?p=735"},"modified":"2020-03-09T12:51:32","modified_gmt":"2020-03-09T12:51:32","slug":"wi-fi-vulnerability-affects-billion","status":"publish","type":"post","link":"https:\/\/zerothcode.com\/blog\/wi-fi-vulnerability-affects-billion\/","title":{"rendered":"New Wi-Fi Encryption Vulnerability Affects Over A Billion Devices"},"content":{"rendered":"<p>Cybersecurity researchers today uncovered a new high-severity hardware vulnerability residing in the widely-used Wi-Fi chips manufactured by Broadcom and Cypress\u2014apparently powering over a billion devices, including smartphones, tablets, laptops, routers, and IoT gadgets.<\/p>\n<p>Dubbed &#8216;<b>Kr00k<\/b>&#8217; and tracked as\u00a0<b>CVE-2019-15126<\/b>, the flaw could let nearby remote attackers intercept and decrypt some wireless network packets transmitted over-the-air by a vulnerable device.<\/p>\n<p>The attacker does not need to be connected to the victim&#8217;s wireless network, and the flaw works against vulnerable devices using WPA2-Personal or WPA2-Enterprise protocols, with AES-CCMP encryption, to protect their network traffic.<\/p>\n<p>&#8220;Our tests confirmed some client devices by Amazon (Echo, Kindle), Apple (iPhone, iPad, MacBook), Google (Nexus), Samsung (Galaxy), Raspberry (Pi 3), Xiaomi (RedMi), as well as some access points by Asus and Huawei, were vulnerable to Kr00k,&#8221; ESET researchers said.<\/p>\n<p>According to the\u00a0researchers, the Kr00k flaw is somewhat related to the\u00a0KRACK attack, a technique that makes it easier for attackers to\u00a0hack Wi-Fi passwords\u00a0protected using the widely used WPA2 network protocol.<\/p>\n<h2>First, Learn What the Kr00k Attack Doesn&#8217;t Allow<\/h2>\n<p>Before proceeding to details of the new Kr00k attack, it&#8217;s important 
to note that:<\/p>\n<ul>\n<li>The vulnerability does not reside in the Wi-Fi encryption protocol; instead, it exists in the way vulnerable chips implemented the encryption,<\/li>\n<li>It doesn&#8217;t let attackers connect to your Wi-Fi network and launch further man-in-the-middle attacks or exploitation against other connected devices,<\/li>\n<li>It does not let attackers know your Wi-Fi password, and changing it wouldn&#8217;t help you patch the issue,<\/li>\n<li>It doesn&#8217;t affect modern devices using the WPA3 protocol, the latest Wi-Fi security standard.<\/li>\n<li>However, it does let attackers capture and decrypt some wireless packets (several kilobytes), but there&#8217;s no way to predict what data they will include,<\/li>\n<li>Most importantly, the flaw breaks encryption on the wireless layer but has nothing to do with TLS encryption that still secures your network traffic with sites using HTTPS.<\/li>\n<\/ul>\n<h2>What is the Kr00k Attack &amp; How Does it Work?<\/h2>\n<p>Now you might be wondering what the Kr00k attack does let attackers do.<\/p>\n<p>In brief, a successful attack merely degrades your security a step towards what you&#8217;d have on an open Wi-Fi network. 
Thus, what sensitive information attackers can capture from a vulnerable device depends entirely on the lack of the next layer of network traffic encryption, i.e., visiting non-HTTPS websites.<\/p>\n<div class=\"separator\">\n<figure style=\"width: 728px\" class=\"wp-caption aligncenter\"><a href=\"https:\/\/1.bp.blogspot.com\/-0gnA1O-F-_o\/XlaryAWHHFI\/AAAAAAAA2bk\/XW23-hcY8RIC-2y8Gs2UH-vKuhKRvJlfwCLcBGAsYHQ\/s728-e100\/wifi-password-hacking.jpg\"><img loading=\"lazy\" decoding=\"async\" title=\"Wi-Fi -password-hacking-attack\" src=\"https:\/\/1.bp.blogspot.com\/-0gnA1O-F-_o\/XlaryAWHHFI\/AAAAAAAA2bk\/XW23-hcY8RIC-2y8Gs2UH-vKuhKRvJlfwCLcBGAsYHQ\/s728-e100\/wifi-password-hacking.jpg\" alt=\"Wi-Fi -password-hacking-attack Cybersecurity\" width=\"728\" height=\"407\" border=\"0\" data-original-height=\"407\" data-original-width=\"728\" \/><\/a><figcaption class=\"wp-caption-text\">Wi-Fi -password-hacking-attack<\/figcaption><\/figure>\n<\/div>\n<p>The attack relies on the fact that when a device suddenly gets disconnected from the wireless network, the Wi-Fi chip clears the session key in memory and sets it to zero, but the chip inadvertently transmits all data frames left in the buffer with an all-zero encryption key even after the disassociation.<\/p>\n<p>Therefore, an attacker in close proximity to vulnerable devices can use this flaw to repeatedly trigger disassociations by sending de-authentication packets over the air to capture more data frames, &#8220;potentially containing sensitive data, including DNS, ARP, ICMP, HTTP, TCP, and TLS packets.&#8221;<\/p>\n<p>Besides this, since the flaw also affects chips embedded in many wireless routers, the issue also makes it possible for attackers to intercept and decrypt network traffic transmitted from connected devices that are not vulnerable to Kr00k, either patched or using different Wi-Fi chips.<\/p>\n<p>ESET 
researchers reported this issue to both affected chip manufacturers, Broadcom and Cypress, last year, as well as many affected device manufacturers who are responsible for developing a patch to mitigate the problem via software or firmware updates for their users.<\/p>\n<p>Apple has already released patches for its users, some should have issued advisories or security patches at the time of publication, and other vendors are still testing the issue against their devices.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Cybersecurity researchers today uncovered a new high-severity hardware vulnerability residing in the widely-used Wi-Fi chips manufactured by Broadcom<\/p>\n","protected":false},"author":1,"featured_media":736,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[37],"tags":[],"yst_prominent_words":[412,862,865,863,854,175,864,860,849,852,176,851,848,858,859,855,856,857,861,847],"class_list":["post-735","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-hackers-news"],"_links":{"self":[{"href":"https:\/\/zerothcode.com\/blog\/wp-json\/wp\/v2\/posts\/735","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/zerothcode.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/zerothcode.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/zerothcode.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/zerothcode.com\/blog\/wp-json\/wp\/v2\/comments?post=735"}],"ve
rsion-history":[{"count":0,"href":"https:\/\/zerothcode.com\/blog\/wp-json\/wp\/v2\/posts\/735\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/zerothcode.com\/blog\/wp-json\/wp\/v2\/media\/736"}],"wp:attachment":[{"href":"https:\/\/zerothcode.com\/blog\/wp-json\/wp\/v2\/media?parent=735"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/zerothcode.com\/blog\/wp-json\/wp\/v2\/categories?post=735"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/zerothcode.com\/blog\/wp-json\/wp\/v2\/tags?post=735"},{"taxonomy":"yst_prominent_words","embeddable":true,"href":"https:\/\/zerothcode.com\/blog\/wp-json\/wp\/v2\/yst_prominent_words?post=735"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}