A new vulnerability was recently discovered that could potentially allow attackers to obtain sensitive information from over one billion Wi-Fi-capable devices. 

Kr00k (CVE-2019-15126) is the latest vulnerability that's been shown to cause devices to use an all-zero encryption key to encrypt part of a user's communications, allowing hackers to decrypt some wireless network packets transmitted by impacted devices.

This vulnerability is related to the infamous KRACK (Key Reinstallation Attacks) that was originally discovered back in 2017. However, researchers claim there are a few key differences. 

Kr00k affects devices using Wi-Fi chips produced by Broadcom and Cypress. Some devices that are affected by this vulnerability include smartphones, tablets, laptops, IoT devices, and routers.

ESET reported its findings to Broadcom and Cypress last summer, and the vendors have since released patches, which many devices have already received. Before these patches were deployed, ESET estimates that more than one billion devices were vulnerable to a potential Kr00k attack.

The vulnerability is triggered following a disassociation - when a device is disconnected from a Wi-Fi network because of signal interference, switching access points, or disabling Wi-Fi features on a device. 

Once disassociated, the session key stored in the Wireless Network Interface Controller's (WNIC) Wi-Fi chip is cleared in memory and set to zero. 

Following a reassociation, an attacker within close proximity of the targeted connection can collect the data frames encrypted with the all-zero key and decrypt them, allowing attackers to obtain several kilobytes of sensitive data.

ESET claims that hackers can manually trigger disassociations and reassociations to collect even more data frames and increase their likelihood of gathering sensitive information. The company also claims that communications protected by TLS cannot be recovered using this attack method. 
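Because the attack relies on repeatedly forcing a client off and back onto the network, one defensive signal is a station that completes many quick disassociation/reassociation cycles in a short period. The following is an added example, not code from ESET or NNT; the log format, MAC addresses, and thresholds are constructed assumptions to adapt to your own WLAN controller's events.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events in a hypothetical "timestamp EVENT sta=<mac>" format.
SAMPLE_LOG = """\
2020-02-27T10:00:05 DISASSOC sta=aa:bb:cc:00:00:01
2020-02-27T10:00:06 REASSOC sta=aa:bb:cc:00:00:01
2020-02-27T10:00:09 DISASSOC sta=aa:bb:cc:00:00:01
2020-02-27T10:00:10 REASSOC sta=aa:bb:cc:00:00:01
2020-02-27T10:00:14 DISASSOC sta=aa:bb:cc:00:00:01
2020-02-27T10:00:15 REASSOC sta=aa:bb:cc:00:00:01
2020-02-27T10:03:00 DISASSOC sta=aa:bb:cc:00:00:02
2020-02-27T10:03:02 REASSOC sta=aa:bb:cc:00:00:02
2020-02-27T11:30:00 DISASSOC sta=aa:bb:cc:00:00:02
2020-02-27T11:30:03 REASSOC sta=aa:bb:cc:00:00:02
"""

def parse(line):
    """Return (timestamp, event, station) or None for a malformed line."""
    parts = line.split()
    if len(parts) != 3 or not parts[2].startswith("sta="):
        return None
    try:
        ts = datetime.fromisoformat(parts[0])
    except ValueError:
        return None
    return ts, parts[1], parts[2][4:].lower()

def flag_cycling_stations(log_text, min_cycles=3,
                          window=timedelta(seconds=60),
                          rejoin_within=timedelta(seconds=5)):
    """Map station -> time it reached min_cycles quick cycles inside window."""
    last_disassoc = {}            # station -> time of its pending disassociation
    cycles = defaultdict(deque)   # station -> times of recent completed cycles
    flagged = {}
    for ts, event, sta in filter(None, map(parse, log_text.splitlines())):
        if event == "DISASSOC":
            last_disassoc[sta] = ts
        elif event == "REASSOC" and sta in last_disassoc:
            # Count a cycle only if the station rejoined quickly after leaving.
            if ts - last_disassoc.pop(sta) <= rejoin_within:
                q = cycles[sta]
                q.append(ts)
                while ts - q[0] > window:   # drop cycles older than the window
                    q.popleft()
                if len(q) >= min_cycles:
                    flagged.setdefault(sta, ts)
    return flagged
```

Normal roaming also produces occasional cycles, so tune `min_cycles` and `window` against a baseline from your own network before alerting on the result.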

>> For more information on this vulnerability, read ESET's complete research paper
