Researchers at Slovakian Internet security company ESET discovered that billions of devices are affected by a Wi-Fi vulnerability that allows nearby attackers to decrypt sensitive data.
The team named the vulnerability Kr00k; it is tracked as CVE-2019-15126. The vulnerability exists in Wi-Fi chips manufactured by Cypress Semiconductor and Broadcom, affecting devices such as iPhones, iPads, Macs, Amazon Echos and Kindles, Android devices, Raspberry Pi 3's, and certain Wi-Fi routers.
Kr00k exploits the fact that wireless devices disassociate from a wireless access point, exposing any unsent data frames. Rather than encrypt this unsent data with the session key negotiated earlier and used during the normal connection, vulnerable devices use a key consisting of all zeros.
While manufacturers have made patches available for most of the affected devices, it is not clear how many devices actually installed the patches.
From Ars Technica
View Full Article
Abstracts Copyright © 2020 SmithBucklin, Washington, DC, USA
No entries found