Bored during lockdown? Why not try out these data-spilling KrØØk Wi-Fi bug exploits against your nearby devices
2020-03-20 21:47

This design blunder can be abused by nearby miscreants to snatch snapshots of private data, such as web requests, messages, and passwords, over the air as it is transmitted from devices, if that data is not securely encrypted using an encapsulating protocol such as HTTPS, DNS-over-HTTPS, a VPN, or SSH. Crucially, to pull this off, a hacker does not need to be on the same Wi-Fi network as the victim: they only need to be within radio range of a vulnerable phone, gateway, laptop, or whatever is being probed.

"Among the devices vulnerable to this attack are the ones from Samsung, Apple, Xiaomi and other popular brands," Hexway told The Register.

Designated CVE-2019-15126, the KrØØk bug revolves around the transmission data buffers in Broadcom chips.

Researchers at ESET found that, in specific circumstances, an attacker can force a nearby device to disconnect from its Wi-Fi access point, causing it to emit any data still in its transmit buffer with an encryption key value of zero.

"After testing this PoC on different devices, we found out that the data of the clients that generated plenty of UDP traffic was the easiest to intercept," Hexway said in an advisory accompanying its code.


News URL

https://go.theregister.co.uk/feed/www.theregister.co.uk/2020/03/20/kr00k_wifi_bug_poc/

Related Vulnerability

| DATE | CVE | VULNERABILITY TITLE | RISK |
|------|-----|---------------------|------|
| 2020-02-05 | CVE-2019-15126 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in multiple products. An issue was discovered on Broadcom Wi-Fi client devices. | 2.9 |