New Kr00k vulnerability lets attackers decrypt WiFi packets

09:05 27 February 2020 Source: zdnet.com

Today, at the RSA 2020 security conference in San Francisco, security researchers from Slovak antivirus company ESET will present details about a new vulnerability that impacts WiFi communications.

Named Kr00k, this bug can be exploited by an attacker to intercept and decrypt some type of WiFi network traffic (relying on WPA2 connections).

According to ESET, Kr00k affects all WiFi-capable devices running on Broadcom and Cypress Wi-Fi chips. These are two of the world's most popular WiFi chipsets, and they are included in almost everything, from laptops to smartphones, and from access points to smart speakers and other IoT devices.

ESET researchers said they personally tested and confirmed that Kr00k impacts devices from Amazon (Echo, Kindle), Apple (iPhone, iPad, MacBook), Google (Nexus), Samsung (Galaxy), Raspberry (Pi 3) and Xiaomi (Redmi), but also access points from Asus and Huawei.

In a press release today, ESET said it believes that more than a billion devices are vulnerable to Kr00k, and they consider this number "a conservative estimate."

What's Kr00k?

At the technical level [PDF], Kr00k is just a bug, like many other bugs that are being discovered on a daily basis in the software that we all use.

The difference is that Kr00k impacts the encryption used to secure data packets sent over a WiFi connection.

Typically, these packets are encrypted with a unique key that depends on the user's WiFi password. However, ESET researchers say that for Broadcom and Cypress Wi-Fi chips, this key gets reset to an all-zero value during a process called "disassociation."

Disassociation is something that occurs naturally in a WiFi connection. It refers to a temporary disconnection that usually happens due to a low WiFi signal.

WiFi devices enter into disassociated states many times a day, and they're automatically configured to re-connect to the previously used network when this happens.

ESET researchers say that attackers can force devices into a prolonged disassociated state, receive WiFi packets meant for the attacked device, and then use the Kr00k bug to decrypt WiFi traffic using the all-zero key.

This attack scenario allows hackers to actively intercept and decrypt WiFi packets, normally considered to be secure.
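
The following Python example is added here and is not from ESET or the original article: it flags stations that disassociate unusually often within a short window, the pattern a forced-disassociation attempt would leave in access point or wireless IDS logs. The log format, threshold and window are assumptions; because disassociation also occurs naturally, a flag is a prompt to investigate, not proof of an attack.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events in a hypothetical "timestamp station event" format;
# adapt parse() to whatever your access point or wireless IDS actually logs.
SAMPLE_LOG = """\
2020-02-27T09:00:01 aa:bb:cc:00:00:01 disassociated
2020-02-27T09:00:03 aa:bb:cc:00:00:01 associated
2020-02-27T09:00:09 aa:bb:cc:00:00:01 disassociated
2020-02-27T09:00:12 aa:bb:cc:00:00:02 disassociated
2020-02-27T09:00:15 aa:bb:cc:00:00:02 associated
2020-02-27T09:00:18 aa:bb:cc:00:00:01 disassociated
2020-02-27T09:00:27 aa:bb:cc:00:00:01 disassociated
2020-02-27T09:00:35 AA:BB:CC:00:00:01 disassociated
garbled line without fields
2020-02-27T09:31:40 aa:bb:cc:00:00:02 disassociated
"""

def parse(log_text):
    """Yield (time, station, event) tuples, skipping malformed lines."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        try:
            ts = datetime.fromisoformat(parts[0])
        except ValueError:
            continue
        yield ts, parts[1].lower(), parts[2]

def flag_disassociation_bursts(log_text, threshold=4, window=timedelta(seconds=60)):
    """Return {station: peak count} for stations with at least `threshold`
    disassociations inside one sliding `window`."""
    recent = defaultdict(deque)   # station -> disassociation times still in window
    flagged = {}
    for ts, station, event in sorted(parse(log_text)):
        if event != "disassociated":
            continue
        times = recent[station]
        times.append(ts)
        while ts - times[0] > window:   # drop events that fell out of the window
            times.popleft()
        if len(times) >= threshold:
            flagged[station] = max(flagged.get(station, 0), len(times))
    return flagged

if __name__ == "__main__":
    print(flag_disassociation_bursts(SAMPLE_LOG))
```
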

The good news is that the Kr00k bug only impacts WiFi connections that use WPA2-Personal or WPA2-Enterprise WiFi security protocols, with AES-CCMP encryption.

This means that if you use a device with a Broadcom or Cypress WiFi chipset, you can protect yourself against attacks by using the newer WPA3 WiFi authentication protocol.

Patches should be already available for most devices by now

Furthermore, ESET has also worked during the past months to responsibly disclose the Kr00k bug to Broadcom, Cypress, and all other impacted companies.

"According to some vendor publications and our own (non-comprehensive) tests, devices should have received patches for the vulnerability by the time of publication," ESET researchers said today.

"Depending on the device type, this might only mean ensuring the latest OS or software updates are installed (Android, Apple and Windows devices; some IoT devices), but may require a firmware update (access points, routers and some IoT devices)."

Users can check if they received Kr00k patches by checking their device OS/firmware changelogs for fixes against CVE-2019-15126, which is the unique ID assigned to track this bug.

However, one important point about Kr00k is that the bug does not lead to a full compromise of a user's communications. The bug can be exploited to break the encryption used to secure the WiFi channel. If the user's original communications were also encrypted -- such as accessing websites via HTTPS, using Tor, or encrypted IM clients -- then those communications would still remain encrypted even after a Kr00k attack.

Furthermore, the bug cannot be used as part of automated botnet attacks, requires physical proximity to a victim (WiFi network range), and Kr00k cannot retrieve large and long-winded communications streams without the user noticing problems with their WiFi communications.

Not as bad as KRACK

All in all, the Kr00k vulnerability should be easier to protect against than KRACK -- a major vulnerability that impacted the WPA2 WiFi protocol and forced most device vendors to switch to using WPA3 by default.

A new KRACK attack, named Dragonblood, was later discovered to impact even some newer WPA3 connections, but this newer attack didn't impact the entire WiFi ecosystem as the original KRACK attack did.

ESET researchers said they discovered Kr00k while looking into the devastating effects of the KRACK attack; however, the two -- KRACK and Kr00k -- should not be considered the same.
