ESET researchers discovered Kr00k (CVE-2019-15126), a previously unknown vulnerability in Wi-Fi chips used in client devices, Wi-Fi access points and routers.
The Kr00k vulnerability causes the network communication of an affected device to be encrypted with an “all-zero” encryption key, enabling an attacker to decrypt wireless network packets and successfully carry out the attack.
Kr00k’s discovery is linked to a previous ESET investigation into security gaps detected in the Amazon Echo, which was vulnerable to KRACK (Key Reinstallation Attack) attacks; Kr00k is related to KRACK, but it has fundamental differences. While analyzing KRACK, ESET researchers found that Kr00k was one of the factors responsible for the “reinstallation” of an “all-zero” encryption key observed in tests for KRACK attacks. Following this investigation, most major device makers have released patches.
Kr00k affects all devices with Broadcom and Cypress Wi-Fi chips that have not been patched. These are the most common Wi-Fi chips currently used in client devices. Wi-Fi access points and routers are also vulnerable, meaning that even environments where the client devices have been patched are at risk.
ESET examined and confirmed that among the vulnerable devices were client devices from Amazon (Echo, Kindle), Apple (iPhone, iPad, MacBook), Google (Nexus), Samsung (Galaxy), Raspberry (Pi 3) and Xiaomi (Redmi), as well as access points from Asus and Huawei.
ESET reported the vulnerability to the chip makers Broadcom and Cypress, who subsequently released patches. The company also partnered with the Industry Consortium for Advancement of Security on the Internet (ICASI) to inform all stakeholders about Kr00k, both device makers using the vulnerable chips and other manufacturers who may be affected. According to the information available to ESET, major manufacturers’ devices have now been updated with patches.
“To protect a user, you need to make sure that all devices that connect to Wi-Fi, such as phones, tablets, laptops, IoT smart devices, Wi-Fi access points and routers, have the latest update version,” advises ESET researcher Robert Lipovský, who works with the team analyzing Kr00k.
“It is of concern that the Kr00k vulnerability applies not only to client devices, but also to Wi-Fi access points and routers. This significantly increases the scope of the attack, as an intruder can decrypt data transmitted from an access point with the vulnerability, a function that occurs without being able to be controlled on a device, even if it has no vulnerabilities.”