According to a paper published this week by researchers at security firm Eset, a Wi-Fi vulnerability found in chips made by Cypress Semiconductor and Broadcom allowed nearby hackers to decrypt sensitive data sent over the air, Ars Technica is reporting.
The bug affected billions of devices, including iPhones, iPads, Macs, Amazon Echos and Kindles, Android devices, Raspberry Pi 3s, and Wi-Fi routers from Asus and Huawei. The researchers found that the flaw, dubbed ‘Kr00k’ and tracked as CVE-2019-15126, primarily affects Cypress’ and Broadcom’s FullMAC WLAN chips.
“This results in scenarios where client devices that are unaffected can be connected to an access point that is vulnerable,” wrote Eset researchers.
Kr00k exploits a weakness that occurs when wireless devices disassociate from a wireless access point. If either the end-user device or the access point is vulnerable, it will put any unsent data frames into a transmit buffer and then send them over the air. Rather than encrypt this data with the session key negotiated earlier and used during the normal connection, vulnerable devices use a key consisting of all zeros, a move that makes decryption trivial.
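The ordering problem described above can be shown with a simplified model. This is an added example, not code from Eset or from any vendor firmware: the struct, the function names and the XOR stand-in for the real cipher are hypothetical, and the hardened ordering is an assumption about what a fix could look like, not a description of the actual patches.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define KEY_LEN 16

/* Simplified station state; names are hypothetical, not vendor firmware. */
struct sta {
    uint8_t tk[KEY_LEN];        /* session key negotiated at association */
    uint8_t txbuf[4][KEY_LEN];  /* queued, not yet transmitted frames */
    int queued;
};

/* Sends the queue (XOR is a toy cipher); returns frames sent under a zero key. */
static int flush_tx(struct sta *s, uint8_t air[][KEY_LEN]) {
    int sent = s->queued;
    uint8_t any = 0;
    for (int i = 0; i < KEY_LEN; i++) any |= s->tk[i];
    for (int f = 0; f < sent; f++)
        for (int i = 0; i < KEY_LEN; i++) air[f][i] = s->txbuf[f][i] ^ s->tk[i];
    s->queued = 0;
    return any ? 0 : sent;
}

/* Vulnerable order: the key is cleared first, then the queue is flushed. */
int disassoc_vulnerable(struct sta *s, uint8_t air[][KEY_LEN]) {
    memset(s->tk, 0, KEY_LEN);
    return flush_tx(s, air);
}

/* Assumed hardened order: discard the queue, then clear the key. */
int disassoc_hardened(struct sta *s, uint8_t air[][KEY_LEN]) {
    s->queued = 0;
    memset(s->tk, 0, KEY_LEN);
    return flush_tx(s, air);
}

/* Constructed station with two queued frames; runs one of the two paths. */
int run_case(int hardened) {
    struct sta s = { .queued = 2 };
    uint8_t air[4][KEY_LEN] = {{0}};
    memset(s.tk, 0xA5, KEY_LEN);
    memcpy(s.txbuf[0], "constructed-dat1", KEY_LEN);
    memcpy(s.txbuf[1], "constructed-dat2", KEY_LEN);
    return hardened ? disassoc_hardened(&s, air) : disassoc_vulnerable(&s, air);
}

int main(void) {
    return printf("zero-key frames: vulnerable=%d hardened=%d\n", run_case(0), run_case(1)) < 0;
}
```

The invariant worth testing in any driver or firmware regression suite is the one `flush_tx` reports: no data frame leaves the device once the session key has been cleared.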
The researchers also noted that even though manufacturers have made patches available for most of the affected devices, it’s not clear how many devices have installed the patches.