New Kr00k vulnerability lets attackers decrypt WiFi packets

09:05, 27 February 2020. Source: zdnet.com


Today, at the RSA 2020 security conference in San Francisco, security researchers from Slovak antivirus company ESET will present details about a new vulnerability that impacts WiFi communications.


Named Kr00k, this bug can be exploited by an attacker to intercept and decrypt some types of WiFi network traffic (relying on WPA2 connections).

According to ESET, Kr00k affects all WiFi-capable devices running on Broadcom and Cypress Wi-Fi chips. These are two of the world's most popular WiFi chipsets, and they are included in almost everything, from laptops to smartphones, and from access points to smart speakers and other IoT devices.


ESET researchers said they personally tested and confirmed that Kr00k impacts devices from Amazon (Echo, Kindle), Apple (iPhone, iPad, MacBook), Google (Nexus), Samsung (Galaxy), Raspberry (Pi 3) and Xiaomi (Redmi), but also access points from Asus and Huawei.

In a press release today, ESET said it believes that more than a billion devices are vulnerable to Kr00k, and they consider this number "a conservative estimate."

What's Kr00k?

At the technical level [PDF], Kr00k is just a bug, like many other bugs that are being discovered on a daily basis in the software that we all use.

The difference is that Kr00k impacts the encryption used to secure data packets sent over a WiFi connection.

Typically, these packets are encrypted with a unique key that depends on the user's WiFi password. However, ESET researchers say that for Broadcom and Cypress Wi-Fi chips, this key gets reset to an all-zero value during a process called "disassociation."


Disassociation is something that occurs naturally in a WiFi connection. It refers to a temporary disconnection that usually happens due to a low WiFi signal.

WiFi devices enter into disassociated states many times a day, and they're automatically configured to re-connect to the previously used network when this happens.

ESET researchers say that attackers can force devices into a prolonged disassociated state, receive WiFi packets meant for the attacked device, and then use the Kr00k bug to decrypt WiFi traffic using the all-zero key.

This attack scenario allows hackers to actively intercept and decrypt WiFi packets, normally considered to be secure.

The good news is that the Kr00k bug only impacts WiFi connections that use WPA2-Personal or WPA2-Enterprise WiFi security protocols, with AES-CCMP encryption.

This means that if you use a device with a Broadcom or Cypress WiFi chipset, you can protect yourself against attacks by using the newer WPA3 WiFi authentication protocol.


Patches should be already available for most devices by now

Furthermore, ESET has also worked during the past months to responsibly disclose the Kr00k bug to Broadcom, Cypress, and all other impacted companies.

"According to some vendor publications and our own (non-comprehensive) tests, devices should have received patches for the vulnerability by the time of publication," ESET researchers said today.

"Depending on the device type, this might only mean ensuring the latest OS or software updates are installed (Android, Apple and Windows devices; some IoT devices), but may require a firmware update (access points, routers and some IoT devices)."

Users can check if they received Kr00k patches by checking their device OS/firmware changelogs for fixes against CVE-2019-15126, which is the unique ID assigned to track this bug.

However, one important point about Kr00k is that the bug does not lead to a full compromise of a user's communications. The bug can be exploited to break the encryption used to secure the WiFi channel. If the user's original communications were also encrypted -- such as accessing websites via HTTPS, using Tor, or encrypted IM clients -- then those communications would still remain encrypted even after a Kr00k attack.


Furthermore, the bug cannot be used as part of automated botnet attacks, it requires physical proximity to a victim (WiFi network range), and Kr00k cannot retrieve large and long-winded communications streams without the user noticing problems with their WiFi communications.
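A defender-side way to spot the forced, repeated disassociation described above, added here as an example and not taken from ESET or ZDNet: it counts disassociation frames per destination client in a sliding window, so occasional low-signal disconnects are ignored and bursts stand out. The log format, MAC addresses, window and threshold are all assumptions constructed for illustration.

```python
from collections import defaultdict, deque

# Constructed sample events, not captured traffic. Assumed format per line:
# "<epoch_seconds> <frame_subtype> <source_mac> <destination_mac>"
SAMPLE_LOG = """\
1000.0 disassoc 02:00:00:00:00:01 02:00:00:00:00:20
1005.0 assoc 02:00:00:00:00:20 02:00:00:00:00:01
5000.0 disassoc 02:00:00:00:00:01 02:00:00:00:00:10
5004.0 disassoc 02:00:00:00:00:01 02:00:00:00:00:10
5009.0 disassoc 02:00:00:00:00:01 02:00:00:00:00:10
5013.0 disassoc 02:00:00:00:00:01 02:00:00:00:00:10
5020.0 disassoc 02:00:00:00:00:01 02:00:00:00:00:10
5031.0 disassoc 02:00:00:00:00:01 02:00:00:00:00:10
9000.0 disassoc 02:00:00:00:00:01 02:00:00:00:00:20
truncated line
"""

def parse_events(text):
    """Return (timestamp, subtype, src, dst) tuples, skipping malformed lines."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        try:
            events.append((float(parts[0]), parts[1].lower(), parts[2].lower(), parts[3].lower()))
        except ValueError:
            continue
    return events

def flag_disassoc_bursts(events, window=60.0, threshold=5):
    """Map each client hit by >= threshold disassociation frames within
    `window` seconds to (peak_count, burst_start, burst_end)."""
    recent = defaultdict(deque)   # destination MAC -> timestamps still in window
    flagged = {}
    for ts, subtype, _src, dst in sorted(events):
        if subtype != "disassoc":
            continue
        q = recent[dst]
        q.append(ts)
        while ts - q[0] > window:      # drop frames older than the window
            q.popleft()
        if len(q) >= threshold and len(q) > flagged.get(dst, (0,))[0]:
            flagged[dst] = (len(q), q[0], q[-1])
    return flagged

if __name__ == "__main__":
    for client, (count, start, end) in flag_disassoc_bursts(parse_events(SAMPLE_LOG)).items():
        print(f"{client}: {count} disassociation frames between t={start} and t={end}")
```

A flagged client is a prompt to check that device's OS or firmware changelog for the CVE-2019-15126 fix, not proof of an attack, since poor signal can also cause clustered disconnects.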

Not as bad as KRACK

All in all, the Kr00k vulnerability should be easier to protect against than KRACK -- a major vulnerability that impacted the WPA2 WiFi protocol and forced most device vendors to switch to using WPA3 by default.

A new KRACK attack, named Dragonblood, was later discovered to impact even some newer WPA3 connections, but this newer attack didn't impact the entire WiFi ecosystem as the original KRACK attack did.

ESET researchers said they discovered Kr00k while looking into the devastating effects of the KRACK attack; however, the two -- KRACK and Kr00k -- should not be considered the same.
