Kr00k Vulnerebility
Source: Eset
What is Kr00k?
Kr00k – formally known as CVE-2019-15126 – is a vulnerability in Broadcom and
Cypress Wi-Fi chips that allows unauthorized decryption of some WPA2-encrypted
traffic.
Who is affected?
The vulnerability affects all unpatched devices with Broadcom and Cypress
FullMac Wi-Fi chips. These are the most common Wi-Fi chips used in today's
client devices, made by well-known manufacturers including Amazon (Echo,
Kindle), Apple (iPhone, iPad, MacBook), Google (Nexus), Samsung (Galaxy) as well
as devices under many other brands.
Wi-Fi Access points and routers are also affected by Kr00k, making even environments with patched client devices vulnerable. All-in-all, before patching there were more than a billion affected devices.
How do I know if I’m still vulnerable to Kr00k?
Make sure you have updated all your Wi-Fi capable devices, including phones,
tablets, laptops, and Wi-Fi access points and routers to the latest operating
system, software and/or firmware versions. According to our information, patches
for devices by major manufacturers have been released by now.
Inquiries whether your devices with affected chips have been patched - or if
your device uses the affected chips in the first place - need to be directed at
your device manufacturer.
What is the state of patching of Kr00k?
As this vulnerability affects Wi-Fi chips used in devices manufactured by
various vendors, the patching process involves both the chip manufacturers (Broadcom
and Cypress), as well as the device manufacturers. ESET responsibly disclosed
the identified vulnerability to Broadcom and Cypress, who subsequently released
patches to the individual device manufacturers.
Furthermore, to expand the scope of our responsible disclosure, ESET has worked with ICASI to ensure that all possibly affected device manufacturers are aware of Kr00k.
Released patches:
While we don’t have a comprehensive overview of when all these vendors have
subsequently released software updates (due to the large number), we are aware
of the following:
iOS 13.2 and iPadOS 13.2 - October 28, 2019
macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006 -
October 29, 2019
Inquiries about patching of devices by other manufacturers need to be directed
to the respective manufacturers.
Additional information
Yes, that is the case if your device is not patched yet. Fortunately, there are
a few aspects that limit the impact of the bug:
Firstly, it's a vulnerability concerning encryption on the wireless LAN (Wi-Fi)
layer. It has nothing to do with TLS - the encryption that secures your online
banking, email, and any website prefixed with HTTPS. In other words, a
successful attack exploiting Kr00k degrades your security a step towards what
you'd have on an open Wi-Fi network.
Secondly, as it's tied to Wi-Fi, the attacker would have to be in close
proximity to your Wi-Fi signal. (But - wouldn't need to know your Wi-Fi
password!)
Eavesdropping on the communication of an unpatched device is simple enough for
most black-hat actors.
Kr00k is in no way tied to your Wi-Fi password, therefore the vulnerability does not affect its security and changing it does not hamper the ability of attackers trying to exploit the vulnerability.
Our research has focused on the most ubiquitous protocol WPA2 with CCMP. The outdated and insecure WEP, WPA-TKIP, and the new WPA3 protocols, were not the focus of our research.
Unfortunately, Kr00k also affects access points, meaning even communication between patched client devices and such vulnerable access points can be intercepted.
ESET Experimental Research and Detection Team, most prominently ESET security researcher Miloš Čermák.