Categories: News

Critical vulnerability in Wi-Fi chips revealed by ESET

ESET researchers revealed a critical vulnerability in Wi-Fi chips. KrØØk, as they call it, causes vulnerable devices to use an all-zero encryption key to encrypt part of the user’s communication. So, attackers might decrypt some wireless network data transmitted by such vulnerable devices.

According to ESET, KrØØk affects devices with Wi-Fi chips by Broadcom and Cypress that haven’t yet been patched. The chips are used in most of the smartphones, tablets, laptops, and also IoT gadgets currently used.

The vulnerability also affected Wi-Fi access points and routers with Broadcom chips: Thus, they made many environments with unaffected or patched client devices vulnerable, anyway.

The tests confirmed that prior to patching, very well-known devices were vulnerable. So, the researchers named Echo and Kindle (Amazon), iPhone, iPad and MacBook (Apple), Nexus (Google), Galaxy (Samsung), Pi 3 (Raspberry) and RedMi (Xiaomi). Also, they mentioned some access points by Asus and Huawei. So, they estimate that this totaled to over a billion Wi-Fi-capable devices and access points. But some other vendors use the chipsets in their products, too.

Although KrØØk is related to KRACK(Key Reinstallation Attacks), that Mathy Vanhoef discovered in 2017, they are also different. So, in the beginning, the researchers found KrØØk to be one of the possible causes behind the “reinstallation” of an all-zero encryption key. These were observed in tests for KRACK attacks. They also relied on the previous findings that Amazon Echo was vulnerable to KRACK.

The producers reacted promptly

Immediately, ESET researchers disclosed the vulnerability to Broadcom and Cypress. Then, those released updates during an extended disclosure period. Also, they worked with the Industry Consortium for Advancement of Security on the Internet (ICASI). So, they ensured that all potentially affected parties – affected device manufacturers using the vulnerable chips and any other possibly affected chip manufacturers – were aware of KrØØk.

Therefore, major munufacturers have released patches for their devices. But, in order to protect ourselves, we need to make sure we apply the latest available updates to our Wi-Fi-capable devices. This includes phones, tablets, laptops, IoT devices, and also Wi-Fi access points and routers.

The company presented the critical vulnerability in the WI-FI chips at the RSA Conference 2020. This comes just less than two weeks after ESET warned about an extortion email campaign threatening to bombard websites using AdSense with bot driven traffic.

Laurentiu Titei

Laurentiu, a creative content writer, has been producing articles about technology for more than 10 years. He is interested in all the security and internet news and his mainstream media background helps make them readable for all kinds of users. Moreover, he grows the appropriate social media channels for websites.

Recent Posts

Digital Advertising practices, under the pressure of fines

Its digital advertising practices continue to bring troubles for Google. Two separate cases will go to court in the UK…

2 years ago

Advertising discrimination, addressed by huge companies

WPP, Delta Airlines, Kellogg and Mindshare take the issue of advertising discrimination seriously, in order to combat bias in digital…

2 years ago

Ad fraud might hit $100B, advertising companies worry

Ad fraud has become a very big issue for both users and the advertising agencies. Different forms of it might…

3 years ago

The ad-based business model: Would Facebook change it?

The Facebook lead architect of the ad-based business model leaves the company. Let's see how her move could affect company's…

3 years ago

Here it comes: New Meta privacy policy. Does it matter?

A new Meta privacy policy comes soon for the company's platforms. Users would be notified of the updates about how…

3 years ago

Advertising company: ”Our customers don’t like ads”

As its “customers don't like ads,” Evite, an American online party planner, decided to just close its advertising business, while…

3 years ago