If we talk about Kr00k, you probably won't know what it is. It is an acronym that tells us little or nothing at first sight, but it is causing serious damage in the cell phone industry.
Kr00k is a vulnerability that was reported by ESET's headquarters in Slovakia, and it is a derivation (or evolution) of the KRACK (Key Reinstallation Attacks) attacks that break the WPA2 protocol.
This means that it works through the data packets that travel over the Wi-Fi connection, which allows an attacker to steal and decrypt what a device sends over WPA2 networks.
This vulnerability mainly affects older cell phones that use the popular Wi-Fi chips from Broadcom or Cypress. The following list shows whether you may be at risk:
- Apple iPad mini 2
- Apple iPhone 6
- Apple iPhone 6S
- Apple iPhone 8
- Apple iPhone XR
- Raspberry Pi 3
- Samsung Galaxy S4
- Samsung Galaxy S8
- Xiaomi Redmi 3S
- Amazon Echo 2nd Generation
- Amazon Kindle 8th Generation
- Apple MacBook Air Retina 13 2018
- Google Nexus 5
- Google Nexus 6
- Google Nexus 6S
Cisco working on solutions
The good news, though, is that Cisco is working on Kr00k and hopes to find solutions soon to prevent further attacks. This is because Cisco uses Broadcom chips and several of its products are affected.
“Several Cisco wireless products are affected by this vulnerability. Cisco releases software updates that address this vulnerability. There are no solutions that address this vulnerability,” said the firm.
The company also gave more details on how this vulnerability is exploited.
“When a disassociation event is activated, an affected device will remove the PTK configured by the user as part of a sequence of cleaning operations. A series of Wi-Fi frames stored in the hardware output queue can be transmitted while encrypting with a weak and static PTK,” it explained.
There are two ways to acquire Wi-Fi frames encrypted with the static PTK:
- Triggering the disassociation event by injecting malicious packets into the wireless network and capturing the frames sent after the event.
- Passively listening to the wireless network traffic and capturing the frames sent after a disassociation event.
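Both cases leave the same trace on the air: a station keeps sending protected data frames right after it has been disassociated and before a new handshake. The following Python code is an added example, not taken from the article, ESET or Cisco; it flags such frames so the sending device can be prioritised for patching. The Frame record format, the 0.5 second window and the MAC addresses are assumptions made for illustration.

```python
from collections import namedtuple

# One record per 802.11 frame, as a monitor-mode sensor might summarise it.
# kind is "disassoc", "eapol" (handshake message) or "data". Assumed format.
Frame = namedtuple("Frame", "ts bssid src dst kind protected")

AP, STA_A, STA_B = "02:00:00:00:00:01", "02:00:00:00:00:0a", "02:00:00:00:00:0b"

# Constructed sample capture, not real traffic.
SAMPLE = [
    Frame(1.00, AP, STA_A, AP, "data", True),       # normal traffic
    Frame(2.00, AP, AP, STA_A, "disassoc", False),  # STA_A is disassociated
    Frame(2.01, AP, STA_A, AP, "data", True),       # queued frame still sent
    Frame(2.02, AP, STA_A, AP, "data", True),       # queued frame still sent
    Frame(2.50, AP, AP, STA_A, "eapol", False),     # new handshake, fresh PTK
    Frame(2.60, AP, STA_A, AP, "data", True),       # normal again
    Frame(3.00, AP, STA_B, AP, "disassoc", False),  # STA_B leaves
    Frame(3.01, AP, AP, STA_B, "eapol", False),     # handshake before any data
    Frame(3.05, AP, STA_B, AP, "data", True),       # not flagged
]

def station_of(f):
    """The client side of a frame: whichever address is not the BSSID."""
    return f.dst if f.src == f.bssid else f.src

def frames_after_disassoc(frames, window=0.5):
    """Return protected data frames a station sent within `window` seconds
    of its disassociation and before any new handshake was seen."""
    pending = {}  # station -> time of its last disassociation
    hits = []
    for f in sorted(frames, key=lambda f: f.ts):
        sta = station_of(f)
        if f.kind == "disassoc":
            pending[sta] = f.ts
        elif f.kind == "eapol":
            pending.pop(sta, None)          # fresh PTK negotiated
        elif f.kind == "data" and f.protected and f.src == sta and sta in pending:
            if f.ts - pending[sta] <= window:
                hits.append(f)
            else:
                del pending[sta]            # queue flush window has passed
    return hits

if __name__ == "__main__":
    for f in frames_after_disassoc(SAMPLE):
        print(f"{f.ts:.2f} {f.src} sent protected data after disassociation")
```

A hit is only a candidate: it shows the timing pattern described above, not which key the frames were encrypted with.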