New Wi-Fi Encryption Vulnerability Affects Over A Billion Devices

    New Wi-Fi Encryption Vulnerability Affects Over A Billion Devices

    New Wi-Fi Encryption Vulnerability Affects Over A Billion Devices


    Last Updated: 26 Feb 2020 at 21:10
    Cybersecurity researchers today uncovered a new high-severity hardware vulnerability residing in the widely-used Wi-Fi chips manufactured by Broadcom and Cypress—apparently powering over a billion devices, including smartphones, tablets, laptops, routers, and IoT gadgets.

    Dubbed 'Kr00k' and tracked as CVE-2019-15126, the flaw could let nearby remote attackers intercept and decrypt some wireless network packets transmitted over-the-air by a vulnerable device.

    The attacker does not need to be connected to the victim's wireless network and the flaw works against vulnerable devices using WPA2-Personal or WPA2-Enterprise protocols, with AES-CCMP encryption, to protect their network traffic.

    "Our tests confirmed some client devices by Amazon (Echo, Kindle), Apple (iPhone, iPad, MacBook), Google (Nexus), Samsung (Galaxy), Raspberry (Pi 3), Xiaomi (RedMi), as well as some access points by Asus and Huawei, were vulnerable to Kr00k," ESET researchers said.


    Read more: New Wi-Fi Encryption Vulnerability Affects Over A Billion Devices
    Golden's Avatar Posted By: Golden
    26 Feb 2020

  1. Andrew129260's Avatar
    Posts : 191
    Windows 10 Pro x64 latest version
       #1

    Well this sucks...Hope its patched soon and not 6 months from now

    Just saw the article:

    Before proceeding to details of the new Kr00k attack, it's important to note that:


    • The vulnerability does not reside in the Wi-Fi encryption protocol; instead, it exists in the way vulnerable chips implemented the encryption,
    • It doesn't let attackers connect to your Wi-Fi network and launch further man-in-the-middle attacks or exploitation against other connected devices,
    • It doesn't let attackers know your Wi-Fi password, and also changing it wouldn't help you patch the issue,
    • It doesn't affect modern devices using WPA3 protocol, the latest Wi-Fi security standard.
    • However, it does let attackers capture and decrypt some wireless packets (several kilobytes), but there's no way to predict what data it will include,
    • Most importantly, the flaw breaks encryption on the wireless layer but has nothing to do with TLS encryption that still secures your network traffic with sites using HTTPS.


    So it's not as big of a deal as it sounded.
      My Computers

  2. Golden's Avatar
    Posts : 1,635
    Windows 10 Pro x64
    Thread Starter
       #2

    Andrew129260 said:
    So it's not as big of a deal as it sounded.
    Yeah, an attacker has to be at the right place at the right time, precisely, to capture something. Rare.
      My Computers

  3. TV2's Avatar
    TV2
    Posts : 1,771
    W10 Pro 20H2
       #3

    Like an FBI or SIO van parked in front of your house!
      My Computers

  4. Andrew129260's Avatar
    Posts : 191
    Windows 10 Pro x64 latest version
       #4

    TV2 said:
    Like an FBI or SIO van parked in front of your house!
    I always wanted to know why FBI surveillance van was so close to my house....../s
      My Computers

  5. Golden's Avatar
    Posts : 1,635
    Windows 10 Pro x64
    Thread Starter
       #5

    Hahaha
      My Computers


 

  Related Discussions
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 02:38.
Find Us




Windows 10 Forums