Kr00k Vulnerability Exposed Data From Over a Billion Wi-Fi Devices
2020-02-26 16:02

A new vulnerability, which may have affected over one billion Wi-Fi-capable devices before patches were released, could have allowed hackers to obtain sensitive information from wireless communications, cybersecurity firm ESET revealed on Wednesday.

Dubbed Kr00k and tracked as CVE-2019-15126, the vulnerability caused devices to use an all-zero encryption key to encrypt part of a user's communications, allowing an attacker to decrypt some wireless network packets transmitted by affected devices.

Kr00k impacts devices using some Wi-Fi chips made by Broadcom and Cypress.

ESET estimates that, before the patches were deployed, over one billion devices were vulnerable to Kr00k attacks.

The Kr00k vulnerability can be triggered following a disassociation, which occurs when a device is disconnected from a Wi-Fi network due to signal interference, switching access points, or disabling of the Wi-Fi feature on the device.


News URL

http://feedproxy.google.com/~r/Securityweek/~3/E1PLe-Qjdc8/kr00k-vulnerability-exposed-data-over-billion-wi-fi-devices

Related Vulnerability

Date: 2020-02-05
CVE: CVE-2019-15126
Vulnerability title: Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in multiple products
Summary: An issue was discovered on Broadcom Wi-Fi client devices.
Tags: high complexity, apple, broadcom, CWE-367
Risk: 3.1

Related vendor

Vendor: Billion
Products: 2
Vulnerabilities: 0 low, 1 medium, 6 high, 3 critical, 10 total