Flaw affecting 1B+ Wi-Fi-enabled devices allows attackers to decrypt wireless network packets
2020-02-27 04:00

Kr00k is a vulnerability that causes the network communication of an affected device to be encrypted with an all-zero encryption key.

CVE-2019-15126 is particularly dangerous because it has affected over a billion Wi-Fi-enabled devices, and that is a conservative estimate.

Kr00k affects all devices with Broadcom and Cypress Wi-Fi chips that remain unpatched.

ESET tested and confirmed that among the vulnerable devices were client devices by Amazon, Apple, Google, Samsung, Raspberry and Xiaomi, as well as access points by Asus and Huawei.

"Of great concern is that not only client devices, but also Wi-Fi access points and routers have been affected by Kr00k. This greatly increases the attack surface, as an adversary can decrypt data that was transmitted by a vulnerable access point, which is often beyond your control, to your device, which doesn't have to be vulnerable."


News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/-QR7IJ35I08/

Related Vulnerability

DATE | CVE | VULNERABILITY TITLE | RISK
2020-02-05 | CVE-2019-15126 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in multiple products | 3.1

An issue was discovered on Broadcom Wi-Fi client devices.
high complexity
apple, broadcom
CWE-367