A vulnerability present in Wi-Fi chips incorporated into devices such as computers, smartphones, tablets, Wi-Fi access points and routers generates erroneous encryption keys that expose network packets to possible attacks.
Kr00k (CVE-2019-15126), as the vulnerability has been named, has put at risk the communications of one billion computers worldwide, ESET has warned in a statement.
The vulnerability causes the network communication of an affected device to be encrypted with an encryption key composed of zeros. In a successful attack, this error allows an adversary to decrypt the packets sent wirelessly.
Who does it affect?
The fault affects all devices with Wi-Fi chips from Broadcom and Cypress that have not been updated with the corresponding security patches and that use WPA2-Personal or WPA2-Enterprise encryption. These are the most common Wi-Fi chips used in users' devices, according to the company. Wi-Fi access points and routers are also affected by the vulnerability, which makes even environments with patched user devices vulnerable.
ESET tested and confirmed that the vulnerable devices included Amazon (Echo, Kindle), Apple (iPhone, iPad, MacBook), Google (Nexus), Samsung (Galaxy), Raspberry (Pi 3) and Xiaomi (Redmi) devices, as well as access points from Asus and Huawei.
What to do
"It is necessary to update all devices with Wi-Fi capability, including phones, tablets, laptops, IoT smart devices and Wi-Fi access points and routers, to the latest firmware version provided by the manufacturer," recommends Josep Albors, head of Awareness and Research at ESET Spain.
After the research was made public, most of the major manufacturers of affected devices released patches, according to the European cybersecurity company. Apple, for example, has already published updates for iOS 13 and macOS Catalina that neutralize this attack.
Kr00k Wi-Fi chip vulnerability puts 1000 million devices at risk worldwide – LA NACION