A team of researchers at the security solutions company ESET discovered a security vulnerability in devices that run on Broadcom and Cypress Wi-Fi chips — two of the world's most popular Wi-Fi chipsets. Called “Kr00K” and tracked as CVE-2019-15126, this vulnerability is said to affect billions of devices, including laptops, tablets, smartphones, routers, and Internet of Things (IoT) devices.
What does Kr00K do?
Kr00K affects the encryption used to protect data packets sent over Wi-Fi networks. The encryption key used by affected devices is reset to an all-zero value during disassociation (i.e., when a device is temporarily disconnected from your wireless network because of poor Wi-Fi signal).
By exploiting this vulnerability, hackers can force your devices into a prolonged state of disassociation. They can then intercept data packets meant to be sent to the affected devices and use the all-zero key to decrypt the data.
Here are some other details about Kr00K that you should take note of:
- The flaw is not in the Wi-Fi encryption protocol; rather, it's in the way affected chips implement encryption.
- It doesn't allow hackers to connect to or access your Wi-Fi network, which would allow them to launch man-in-the-middle attacks on connected devices.
- It won't give your Wi-Fi passwords to attackers.
- Devices using WPA3 are not affected by this flaw.
- Kr00K can't break through TLS encryption that protects your network traffic when visiting HTTPS sites.
- It’s not capable of retrieving lengthy communication streams without you noticing connection problems with your Wi-Fi.
- It can’t be used to launch automated botnet attacks.
- Kr00K can only be exploited if an attacker is within range of your wireless network.
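Because exploitation depends on forcing repeated disassociations, and that shows up as connection problems, access point logs are one place a defender can look. The following is an added example, not part of the original article: it flags stations that disassociate several times within a short window. The log format (modelled on hostapd-style messages), the sample lines, and the threshold values are assumptions. A burst is a cue to check that device's patch level, since poor signal also causes disassociations.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample AP log lines (format is an assumption, hostapd-style).
SAMPLE_LOG = """\
2020-03-02T10:00:01 hostapd: wlan0: STA aa:bb:cc:00:00:01 IEEE 802.11: disassociated
2020-03-02T10:00:04 hostapd: wlan0: STA aa:bb:cc:00:00:01 IEEE 802.11: associated (aid 1)
2020-03-02T10:00:09 hostapd: wlan0: STA aa:bb:cc:00:00:01 IEEE 802.11: disassociated
2020-03-02T10:00:15 hostapd: wlan0: STA aa:bb:cc:00:00:02 IEEE 802.11: disassociated
2020-03-02T10:00:21 hostapd: wlan0: STA aa:bb:cc:00:00:01 IEEE 802.11: disassociated
2020-03-02T10:00:40 hostapd: wlan0: STA aa:bb:cc:00:00:01 IEEE 802.11: disassociated
2020-03-02T10:30:00 hostapd: wlan0: STA aa:bb:cc:00:00:02 IEEE 802.11: disassociated
"""

DISASSOC = re.compile(
    r"^(?P<ts>\S+) .*STA (?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2}) .*: disassociated\s*$",
    re.IGNORECASE,
)

def find_disassoc_bursts(log_text, threshold=4, window=timedelta(seconds=60)):
    """Return {mac: timestamp at which `threshold` disassociations first
    fell inside one sliding `window`} for every station that bursts."""
    recent = defaultdict(deque)    # mac -> disassociation times inside the window
    flagged = {}
    for line in log_text.splitlines():
        m = DISASSOC.match(line)
        if not m:
            continue               # skip associations and unrelated lines
        ts = datetime.fromisoformat(m["ts"])
        mac = m["mac"].lower()
        q = recent[mac]
        q.append(ts)
        while ts - q[0] > window:  # drop events older than the window
            q.popleft()
        if len(q) >= threshold and mac not in flagged:
            flagged[mac] = ts
    return flagged

if __name__ == "__main__":
    for mac, ts in find_disassoc_bursts(SAMPLE_LOG).items():
        print(f"{mac}: repeated disassociation by {ts.isoformat()}, check patch level")
```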
Is Kr00K similar to the KRACK vulnerability?
Kr00K is related to KRACK, which was discovered in 2017, but the two are fundamentally different. Below is a comparison of the two vulnerabilities.
| Kr00K | KRACK |
|---|---|
| A hardware vulnerability | A replay attack on Wi-Fi using WPA protocols |
| Causes affected devices to use an all-zero encryption key | Reuses a cryptographic nonce to acquire a keystream |
| Triggered after a device disassociates from a wireless network | Activates during a four-way handshake |
| Exploits Wi-Fi chips manufactured by Broadcom and Cypress | Hits Wi-Fi devices using the WPA2 protocol |
What are the devices affected by Kr00K?
In its tests, ESET found that the following client devices are vulnerable to Kr00K:
- Amazon Kindle 8th gen
- Amazon Echo 2nd gen
- Apple iPhone 6, 6S, 8, and XR
- Apple iPad mini 2
- Apple MacBook Air Retina 13-inch 2018
- Google Nexus 5, 6, and 6P
- Raspberry Pi 3
- Samsung Galaxy S4 GT-I9505
- Samsung Galaxy S8
- Xiaomi Redmi 3S
ESET also found the following wireless routers and Wi-Fi access points to be at risk:
- Asus RT-N12
- Huawei B612S-25d
- Huawei EchoLife HG8245H
- Huawei E5577Cs-321
How do you protect yourself from Kr00K?
The best way to protect your devices from Kr00K is to patch them using the latest operating system or software updates. Updates should be done on both client and access point devices to ensure that hackers cannot exploit the Kr00K vulnerability.
Most of the devices mentioned above should have already received updated patches from their manufacturers. One easy way to check is to access a device’s OS/firmware changelog. The updated log should contain fixes for CVE-2019-15126, the ID assigned to Kr00K.