Researchers Discover Wi-fi Bug Affecting Billions of iPhones, Macs, Android Devices

According to a paper published this week by researchers at security firm Eset, a Wi-Fi vulnerability found in chips made by Cypress Semiconductor and Broadcom allowed nearby hackers to decrypt sensitive data sent over the air, ArsTechnica is reporting.

Bug

The bug affected billions of devices, including iPhones, iPads, Macs, Amazon Echos and Kindles, Android devices, Raspberry Pi 3’s, and Wi-Fi routers from Asus and Huawei. The researchers discovered that the flaw dubbed ‘Kr00k’ primarily affects Cyperess’ and Broadcom’s FullMAC WLAN chips and it is tracked as CVE-2019-15126.

“This results in scenarios where client devices that are unaffected can be connected to an access point that is vulnerable,” wrote Eset researchers.

Kr00k exploits a weakness that occurs when wireless devices disassociate from a wireless access point. If either the end-user device or the access point is vulnerable, it will put any unsent data frames into a transmit buffer and then send them over the air. Rather than encrypt this data with the session key negotiated earlier and used during the normal connection, vulnerable devices use a key consisting of all zeros, a move that makes decryption trivial.

The researchers also noted that even though manufacturers have made patches available for most of the affected devices, it’s not clear how many devices have installed the patches.

Want to see more of our stories on Google?

Add iPhone in Canada as a Preferred Source on Google

P.S. Want to keep this site truly independent? Support us by buying us a beer, treating us to a coffee, or shopping through Amazon here. Links in this post are affiliate links, so we earn a tiny commission at no charge to you. Thanks for supporting independent Canadian media!

Subscribe
Notify of
guest
0 Comments
Oldest
Newest Most Voted
0
Would love your thoughts, please comment.x
()
x