Kr00k Vulnerability Exposed Data From Over a Billion Wi-Fi Devices
A new vulnerability, which may have affected over one billion Wi-Fi-capable devices before patches were released, could have allowed hackers to obtain sensitive information from wireless communications, cybersecurity firm ESET revealed on Wednesday.
Dubbed Kr00k and tracked as CVE-2019-15126, the vulnerability caused devices to use an all-zero encryption key to encrypt part of a user's communications, allowing an attacker to decrypt some wireless network packets transmitted by affected devices.
Kr00k impacts devices using some Wi-Fi chips made by Broadcom and Cypress.
ESET estimates that, before the patches were deployed, over one billion devices were vulnerable to Kr00k attacks.
The Kr00k vulnerability can be triggered following a disassociation, which occurs when a device is disconnected from a Wi-Fi network due to signal interference, switching access points, or disabling the Wi-Fi feature on the device.
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-02-05 | CVE-2019-15126 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in multiple products. An issue was discovered on Broadcom Wi-Fi client devices. | 3.1 |