At the RSA Conference USA 2020 in San Francisco, ESET, an antivirus company, presented Kr00k (tracked as CVE-2019-15126), a vulnerability in Wi-Fi chips manufactured by Broadcom and Cypress that affects around a billion devices. The flaw causes an affected device to encrypt part of its traffic with an all-zero encryption key. An attacker within radio range who captures that traffic can decrypt it and read the data, even though it was sent over a WPA2 network, without ever learning the network password.
These Wi-Fi chips are used in many laptops, smartphones and IoT devices. ESET confirmed that, before the vendors' patches were applied, the following devices were vulnerable to Kr00k:
- Amazon Echo / Kindle
- Apple iPhone / iPad / MacBook
- Google Nexus
- Samsung Galaxy
- Raspberry Pi 3
- Xiaomi / RedMi
- And certain Asus and Huawei products
How Kr00k Works
Data sent over a Wi-Fi network travels in frames, and on a WPA2 network each frame is encrypted with a per-session key (the temporal key, or TK) that is negotiated when the device connects. The researchers found that, under specific conditions, this key was being replaced in the chip with an all-zero value.
Disassociation, that is, disconnecting from the access point, is a routine event in Wi-Fi: it happens whenever the signal is weak or a device roams between access points, and devices are configured to reconnect automatically. ESET found that when an affected Broadcom or Cypress chip is disassociated, it clears the session key in its memory to all zeros but still transmits whatever data frames were queued in its transmit buffer, now encrypted with that all-zero key. An attacker does not have to wait for a natural disconnection: 802.11 disassociation frames are management frames that are neither encrypted nor authenticated, so the attacker can inject one, capture the few kilobytes of frames that leak after it, decrypt them with the all-zero key, and repeat the process as often as needed. Only the Wi-Fi link-layer encryption is defeated; traffic that is itself encrypted at a higher layer, such as HTTPS, stays protected, but plaintext protocols are fully exposed.
ESET did not go public with its findings immediately. It first reported the flaw to Broadcom and Cypress so that they could fix it and release patches before it could be exploited, and reported it to ICASI (the Industry Consortium for Advancement of Security on the Internet) so that other affected vendors could be alerted ahead of disclosure.