Welcome to the

AdGuardian Plus Blog


Critical vulnerability in Wi-Fi chips revealed by ESET

Critical vulnerability affects Wi-Fi chips

ESET researchers revealed a critical vulnerability in Wi-Fi chips. KrØØk, as they call it, causes vulnerable devices to use an all-zero encryption key to encrypt part of the user’s communication. As a result, attackers might decrypt some wireless network data transmitted by such vulnerable devices.

According to ESET, KrØØk affects devices with Wi-Fi chips by Broadcom and Cypress that haven’t yet been patched. These chips are used in most of the smartphones, tablets, laptops, and IoT gadgets currently in use.

The vulnerability also affected Wi-Fi access points and routers with Broadcom chips. This made many environments vulnerable even where the client devices were unaffected or already patched.

The tests confirmed that, prior to patching, very well-known devices were vulnerable. The researchers named Echo and Kindle (Amazon), iPhone, iPad and MacBook (Apple), Nexus (Google), Galaxy (Samsung), Pi 3 (Raspberry) and RedMi (Xiaomi). They also mentioned some access points by Asus and Huawei. They estimate that this totaled over a billion Wi-Fi-capable devices and access points. Some other vendors use the chipsets in their products, too.

Although KrØØk is related to KRACK (Key Reinstallation Attacks), which Mathy Vanhoef discovered in 2017, the two are different. In the beginning, the researchers found KrØØk to be one of the possible causes behind the “reinstallation” of an all-zero encryption key, which was observed in tests for KRACK attacks. They also relied on the previous findings that Amazon Echo was vulnerable to KRACK.

The producers reacted promptly

ESET researchers immediately disclosed the vulnerability to Broadcom and Cypress, which then released updates during an extended disclosure period. The researchers also worked with the Industry Consortium for Advancement of Security on the Internet (ICASI) to ensure that all potentially affected parties – affected device manufacturers using the vulnerable chips and any other possibly affected chip manufacturers – were aware of KrØØk.

As a result, major manufacturers have released patches for their devices. But, in order to protect ourselves, we need to make sure we apply the latest available updates to our Wi-Fi-capable devices. This includes phones, tablets, laptops, IoT devices, and also Wi-Fi access points and routers.

The company presented the critical vulnerability in the Wi-Fi chips at the RSA Conference 2020. This comes less than two weeks after ESET warned about an extortion email campaign threatening to bombard websites using AdSense with bot-driven traffic.

Laurentiu Titei
About author

Laurentiu, a creative content writer, has been producing articles about technology for more than 10 years. He is interested in all the security and internet news and his mainstream media background helps make them readable for all kinds of users. Moreover, he grows the appropriate social media channels for websites.