Cybersecurity researchers have disclosed a new high-risk hardware vulnerability, named Kr00k (also referred to as the Kr00k attack), in widely used Wi-Fi chips made by Broadcom and Cypress, which reportedly power more than a billion devices, including smartphones, tablets, laptops, routers, and IoT gadgets.
Tracked as CVE-2019-15126, the flaw can allow a nearby attacker to intercept and decrypt some of the wireless packets transmitted by a vulnerable device.
The attacker does not need to be connected to the victim's wireless network, and the vulnerability affects devices that use the WPA2-Personal or WPA2-Enterprise protocols with AES-CCMP encryption to protect network traffic.
“Our tests confirmed that certain client devices from Amazon (Echo, Kindle), Apple (iPhone, iPad, MacBook), Google (Nexus), Samsung (Galaxy), Raspberry (Pi 3), Xiaomi (RedMi), as well as some Asus and Huawei access points, were vulnerable to the Kr00k attack,” say ESET researchers.
According to the researchers, the Kr00k flaw is somewhat related to the KRACK attack, a technique that makes it easier for attackers to break into Wi-Fi networks protected with the widely used WPA2 protocol.
First, what the Kr00k attack does not allow:
Before going into the details of the new Kr00k attack, it is important to note that:
The vulnerability does not lie in the Wi-Fi encryption protocol itself; it lies in the way the vulnerable chips implement that encryption.
It does not allow attackers to connect to your Wi-Fi network and launch further attacks, such as attacker-in-the-middle attacks or attacks against other connected devices.
It does not allow attackers to discover your Wi-Fi password, and changing the password will not fix the problem.
It does not affect modern devices that use WPA3, the latest Wi-Fi security standard.
It does, however, allow attackers to capture and decrypt some wireless packets (several kilobytes' worth), although there is no way to predict what data those packets will contain.
More importantly, the flaw breaks the wireless-layer encryption only; it has nothing to do with TLS, which still protects traffic to websites served over HTTPS.
What is Kr00k Attack and how does it work?
So what does the Kr00k attack leave an attacker with?
In short, a successful attack reduces your security roughly to the level of an open Wi-Fi network. Whether an attacker can obtain sensitive information from a vulnerable device therefore depends entirely on whether the traffic lacks a further layer of encryption, i.e. on visits to websites not served over HTTPS.
The attack relies on the following behaviour: when a device is abruptly disconnected (dissociated) from the wireless network, the Wi-Fi chip clears the session key held in memory, setting it to all zeros, but then inadvertently transmits the data frames still waiting in its buffer encrypted with that all-zero key.
An attacker within range of a vulnerable device can therefore trigger dissociation repeatedly by sending deauthentication frames, and capture the data frames that follow, which “potentially contain sensitive data, including DNS, ARP, ICMP, HTTP, TCP, and TLS packets.”
In addition, because the flaw also affects chips built into many wireless routers, it lets attackers intercept and decrypt traffic sent to devices that are not themselves vulnerable to Kr00k, whether because they have been patched or because they use different Wi-Fi chips.
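The defensive check that follows from the description above is simple: a CCMP data frame is a Kr00k symptom if its MIC verifies under the all-zero temporal key. The Go program below is an added example written for this article; it is not ESET's code and not a tool from any of the vendors named. It implements CCMP's AES-CCM (RFC 3610 formatting with an 8-byte MIC and a 13-byte nonce of priority, transmitter address and packet number), builds two constructed frames from the same plaintext, one with a constructed real key and one with the all-zero key, and shows that only the second one is flagged. The AAD bytes and MAC address are constructed stand-ins, not parsed from a real 802.11 header.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"fmt"
)

const micLen = 8 // CCMP: M = 8-byte MIC, L = 2-byte length field, 13-byte nonce

// ccmpNonce builds the 13-byte CCMP nonce: priority | transmitter address (A2) | 48-bit packet number.
func ccmpNonce(priority byte, a2 [6]byte, pn uint64) []byte {
	n := make([]byte, 13)
	n[0] = priority
	copy(n[1:7], a2[:])
	for i := 0; i < 6; i++ {
		n[7+i] = byte(pn >> (8 * uint(5-i)))
	}
	return n
}

// pad16 zero-pads a copy of b to a multiple of the AES block size.
func pad16(b []byte) []byte {
	out := append([]byte{}, b...)
	if r := len(out) % 16; r != 0 {
		out = append(out, make([]byte, 16-r)...)
	}
	return out
}

// cbcMac computes the CCM tag T over B0 | AAD blocks | message blocks (RFC 3610 section 2.2).
func cbcMac(blk cipher.Block, nonce, aad, msg []byte) []byte {
	b0 := make([]byte, 16)
	b0[0] = byte((micLen-2)/2)<<3 | 0x01 // M' = (M-2)/2, L' = L-1
	if len(aad) > 0 {
		b0[0] |= 0x40 // Adata flag
	}
	copy(b0[1:14], nonce)
	binary.BigEndian.PutUint16(b0[14:], uint16(len(msg)))
	blocks := append([]byte{}, b0...)
	if len(aad) > 0 {
		alen := make([]byte, 2)
		binary.BigEndian.PutUint16(alen, uint16(len(aad))) // AAD < 0xFF00 bytes
		blocks = append(blocks, pad16(append(alen, aad...))...)
	}
	blocks = append(blocks, pad16(msg)...)
	x := make([]byte, 16)
	for i := 0; i < len(blocks); i += 16 {
		for j := 0; j < 16; j++ {
			x[j] ^= blocks[i+j]
		}
		blk.Encrypt(x, x)
	}
	return x[:micLen]
}

// ctrStream XORs data with keystream blocks S_1..S_n; counter 0 is reserved for the MIC.
func ctrStream(blk cipher.Block, nonce, data []byte) []byte {
	out := make([]byte, len(data))
	ctr := make([]byte, 16)
	ctr[0] = 0x01 // flags: L-1
	copy(ctr[1:14], nonce)
	s := make([]byte, 16)
	for i := 0; i < len(data); i += 16 {
		binary.BigEndian.PutUint16(ctr[14:], uint16(i/16+1))
		blk.Encrypt(s, ctr)
		for j := 0; j < 16 && i+j < len(data); j++ {
			out[i+j] = data[i+j] ^ s[j]
		}
	}
	return out
}

// encMic encrypts the CBC-MAC tag with S_0 to produce the transmitted MIC.
func encMic(blk cipher.Block, nonce, aad, plaintext []byte) []byte {
	t := cbcMac(blk, nonce, aad, plaintext)
	a0 := make([]byte, 16)
	a0[0] = 0x01
	copy(a0[1:14], nonce)
	s0 := make([]byte, 16)
	blk.Encrypt(s0, a0)
	mic := make([]byte, micLen)
	for i := range mic {
		mic[i] = t[i] ^ s0[i]
	}
	return mic
}

// CCMPEncrypt protects a frame body under the temporal key tk.
func CCMPEncrypt(tk, nonce, aad, plaintext []byte) (ciphertext, mic []byte, err error) {
	blk, err := aes.NewCipher(tk)
	if err != nil {
		return nil, nil, err
	}
	return ctrStream(blk, nonce, plaintext), encMic(blk, nonce, aad, plaintext), nil
}

// CCMPDecrypt returns the plaintext and true only if the MIC verifies under tk.
func CCMPDecrypt(tk, nonce, aad, ciphertext, mic []byte) ([]byte, bool) {
	blk, err := aes.NewCipher(tk)
	if err != nil {
		return nil, false
	}
	pt := ctrStream(blk, nonce, ciphertext)
	if !bytes.Equal(encMic(blk, nonce, aad, pt), mic) {
		return nil, false
	}
	return pt, true
}

// IsKr00kLeak reports whether a captured CCMP frame authenticates under the all-zero TK,
// the symptom the article describes: such a frame was protected with no secret at all.
func IsKr00kLeak(nonce, aad, ciphertext, mic []byte) bool {
	_, ok := CCMPDecrypt(make([]byte, 16), nonce, aad, ciphertext, mic)
	return ok
}

// Constructed sample inputs (not captured from any real device).
var (
	sampleA2  = [6]byte{0x00, 0x11, 0x22, 0x33, 0x44, 0x55}           // constructed transmitter MAC
	sampleAAD = []byte{0x08, 0x41, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55} // constructed header stand-in
	sampleTK  = bytes.Repeat([]byte{0xA5}, 16)                          // constructed "real" temporal key
	samplePT  = []byte("GET /login HTTP/1.1\r\nHost: example.test\r\n") // constructed plain-HTTP payload
)

// BuildSamples returns a properly keyed frame and a zero-key frame as (ciphertext, mic) pairs.
func BuildSamples() (goodCT, goodMIC, leakCT, leakMIC []byte) {
	nonce := ccmpNonce(0, sampleA2, 0x42)
	goodCT, goodMIC, _ = CCMPEncrypt(sampleTK, nonce, sampleAAD, samplePT)
	leakCT, leakMIC, _ = CCMPEncrypt(make([]byte, 16), nonce, sampleAAD, samplePT)
	return
}

func main() {
	nonce := ccmpNonce(0, sampleA2, 0x42)
	goodCT, goodMIC, leakCT, leakMIC := BuildSamples()
	fmt.Println("keyed frame flagged as Kr00k leak:   ", IsKr00kLeak(nonce, sampleAAD, goodCT, goodMIC))
	fmt.Println("zero-key frame flagged as Kr00k leak:", IsKr00kLeak(nonce, sampleAAD, leakCT, leakMIC))
}
```

A monitoring tool would run `IsKr00kLeak` over every CCMP data frame seen shortly after a deauthentication on the channel; in practice the AAD and nonce must be derived from the actual 802.11 header as the standard specifies, which this example simplifies. A frame that passes the zero-key check was transmitted by a chip that had already wiped its session key, and patching the affected firmware is the only fix, since the TLS layer (if present) is what keeps the payload confidential.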
ESET researchers reported the issue last year to the affected chip makers, Broadcom and Cypress, and to many affected device manufacturers, who are responsible for shipping software or firmware updates that mitigate the problem for their users.
Apple has already released patches for its users, some vendors were expected to have published advisories or security patches at the time of disclosure, and other vendors are still assessing the issue on their devices.