Security News > 2020 > February > New Wi-Fi Encryption Vulnerability Affects Over A Billion Devices

Cybersecurity researchers today uncovered a new high-severity hardware vulnerability residing in the widely-used Wi-Fi chips manufactured by Broadcom and Cypress-apparently powering over a billion devices, including smartphones, tablets, laptops, routers, and IoT gadgets.

First, Learn What Kr00k Attack Doesn't Allow: Before proceeding to details of the new Kr00k attack, it's important to note that:The vulnerability does not reside in the Wi-Fi encryption protocol; instead, it exists in the way vulnerable chips implemented the encryption,.

Most importantly, the flaw breaks encryption on the wireless layer but has nothing to do with TLS encryption that still secures your network traffic with sites using HTTPS. What is Kr00k Attack & How Does it Work? Now you might be wondering what the Kr00k attack then let attackers do?

An attacker in near proximity to vulnerable devices can use this flaw to repeatedly trigger disassociations by sending deauthentication packets over the air to capture more data frames, "Potentially containing sensitive data, including DNS, ARP, ICMP, HTTP, TCP, and TLS packets."

Since the flaw also affects chips embedded in many wireless routers, the issue also makes it possible for attackers to intercept and decrypt network traffic transmitted from connected devices that are not vulnerable to Kr00k, either patched or using different Wi-Fi chips.

News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/CE5s2wiXNBk/kr00k-wifi-encryption-flaw.html