A vulnerability linked to Wi-Fi chips has impacted billions of devices including iPhone and Android handsets. Attackers can decrypt data that was sent to affected handsets even if it was sent encrypted. The problem can be traced to Wi-Fi chips produced by Cypress Semiconductor and Broadcom. Cypress actually acquired Broadcom’s Wi-Fi business back in 2016. The vulnerability affects both WPA2-Personal and WPA2-Enterprise protocols.
Over a billion devices have been impacted by this vulnerability
Vulnerable devices transmit encrypted data that can be decrypted using a key made up of all zeroes
In its report, Eset said, “Amazon (Echo, Kindle), Apple (iPhone, iPad, MacBook), Google (Nexus), Samsung (Galaxy), Raspberry (Pi 3), Xiaomi (Redmi), as well as some access points by Asus and Huawei, were vulnerable to KrØØk. This totaled to over a billion Wi-Fi-capable devices and access points, at a conservative estimate. Further, many other vendors whose products we did not test also use the affected chipsets in their devices.” The number of iPhone units affected by the vulnerability alone was over one billion.
Eset also noted that it tested Wi-Fi chips made by other manufacturers, including Qualcomm, Realtek, Ralink, and MediaTek, and did not see the vulnerability appear in those companies’ components. The researchers added that “obviously, we have not tested every possible Wi-Fi chip by every manufacturer, so while we are currently not aware of other affected chips, we also cannot rule this out.”
In the conclusion to the report, Eset notes that patching affected devices could simply mean installing the latest OS update. Those with Android or iOS phones would be expected to handle the vulnerability in this manner. Routers and some IoT devices might require a firmware update. Eset reported the vulnerability to chipmakers Broadcom and Cypress, and also told Amazon. If you own an Android or iOS handset, make sure that your device is running the most up-to-date version of the operating system that is available to you.
KrØØk rears its ugly head when a mobile device is disassociated from a Wi-Fi connection; this happens when the signal is too low and the current Wi-Fi connection is temporarily dropped. This takes place on a device several times a day, but the connection is usually re-established automatically. Attackers can force a device's Wi-Fi connection to be disassociated, causing unsent data to be sent out over the air. Even if encryption was in use while Wi-Fi was connected, the data a vulnerable device sends over the air at that point is encrypted with a key made up of all zeros, making it easy for an attacker to decrypt sensitive data.
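Because the flaw is triggered at disassociation, and a handful of disassociations a day are normal, one defensive heuristic is to flag stations that are disassociated unusually often within a short window. The following is an added example, not code from the Eset report or this article; the log layout, threshold and window are assumptions, and the sample lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines. The "timestamp iface: STA mac IEEE 802.11: event"
# layout is an assumption modelled on hostapd-style access point logs.
SAMPLE_LOG = """\
2024-01-01T08:15:00 wlan0: STA aa:bb:cc:00:00:02 IEEE 802.11: disassociated
2024-01-01T08:15:04 wlan0: STA aa:bb:cc:00:00:02 IEEE 802.11: associated
2024-01-01T09:00:01 wlan0: STA aa:bb:cc:00:00:01 IEEE 802.11: disassociated
2024-01-01T09:00:03 wlan0: STA aa:bb:cc:00:00:01 IEEE 802.11: associated
2024-01-01T09:00:09 wlan0: STA aa:bb:cc:00:00:01 IEEE 802.11: disassociated
2024-01-01T09:00:11 wlan0: STA aa:bb:cc:00:00:01 IEEE 802.11: associated
2024-01-01T09:00:18 wlan0: STA aa:bb:cc:00:00:01 IEEE 802.11: disassociated
this line is malformed and must be skipped
2024-01-01T09:00:20 wlan0: STA aa:bb:cc:00:00:01 IEEE 802.11: associated
2024-01-01T09:00:27 wlan0: STA AA:BB:CC:00:00:01 IEEE 802.11: disassociated
2024-01-01T09:00:29 wlan0: STA aa:bb:cc:00:00:01 IEEE 802.11: associated
2024-01-01T09:00:35 wlan0: STA aa:bb:cc:00:00:01 IEEE 802.11: disassociated
2024-01-01T13:40:10 wlan0: STA aa:bb:cc:00:00:02 IEEE 802.11: disassociated
"""

LINE_RE = re.compile(
    r"^(\S+) \S+: STA ((?:[0-9a-f]{2}:){5}[0-9a-f]{2}) IEEE 802\.11: (\w+)$",
    re.IGNORECASE,
)

def find_disassoc_bursts(log_text, threshold=4, window=timedelta(seconds=60)):
    """Return {mac: peak disassociation count in any window} for every
    station that reached `threshold` disassociations within `window`.
    Lines are expected in chronological order."""
    recent = defaultdict(deque)   # mac -> timestamps still inside the window
    flagged = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m.group(3).lower() != "disassociated":
            continue              # skip malformed lines and other events
        ts = datetime.fromisoformat(m.group(1))
        mac = m.group(2).lower()  # normalise case so one station is one key
        q = recent[mac]
        q.append(ts)
        while ts - q[0] > window: # drop events that slid out of the window
            q.popleft()
        if len(q) >= threshold:
            flagged[mac] = max(flagged.get(mac, 0), len(q))
    return flagged

if __name__ == "__main__":
    for mac, count in find_disassoc_bursts(SAMPLE_LOG).items():
        print(f"{mac}: {count} disassociations within 60s, check patch level")
```

A flagged station is only a lead: poor signal can produce the same pattern, so the useful follow-up is confirming the device and access point are running patched firmware.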