
Communications of the ACM

ACM TechNews

Flaw in Billions of Wi-Fi Devices Left Communications Open to Eavesdropping



Researchers at Slovakian Internet security company ESET discovered that billions of devices are affected by a Wi-Fi vulnerability that allows nearby attackers to decrypt sensitive data.

The team named the vulnerability Kr00k; it is tracked as CVE-2019-15126. The vulnerability exists in Wi-Fi chips manufactured by Cypress Semiconductor and Broadcom, affecting devices such as iPhones, iPads, Macs, Amazon Echos and Kindles, Android devices, Raspberry Pi 3s, and certain Wi-Fi routers.

Kr00k exploits what happens when a wireless device disassociates from a wireless access point: any unsent data frames are exposed. Rather than encrypting this unsent data with the session key negotiated earlier and used during the normal connection, vulnerable devices use a key consisting of all zeros.

While manufacturers have made patches available for most of the affected devices, it is not clear how many devices actually installed the patches.

From Ars Technica

 

Abstracts Copyright © 2020 SmithBucklin, Washington, DC, USA


 
