CVE-2019-15126, nicknamed “Kr00k”, is a new vulnerability in Broadcom and Cypress Wi-Fi chips. The vulnerability was disclosed by ESET at the RSA 2020 conference.
How Attack Works
Kr00k is a vulnerability that permits attackers to force Wi-Fi devices into a disassociated state, granting the opportunity to decrypt packets sent over WPA2 Personal/Enterprise Wi-Fi networks. The attacker does not need to be connected to the victim’s wireless network.
The attacker can use Kr00k to force a device to disconnect. After the device is disassociated, the Wi-Fi chip clears the session key in memory by setting it to all zeros, but the chip still transmits any data frames left in its transmit buffer, encrypting them with that all-zero key even after the disassociation.
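The defect described above is an ordering problem in the chip's firmware: the session key is zeroed while frames that were queued under the old session are still waiting to be sent. The following simulation is an added example (it is not ESET's research code or any vendor's firmware) that models a client chip's session state and transmit buffer, shows the vulnerable ordering next to the hardened one, and counts how many frames leave the radio protected by the all-zero key. All names (SimulatedWifiChip, TK_LEN, run_scenario) and the sample key and frames are constructed for illustration; the "encryption" is a stand-in that only records which key was applied.

```python
"""Model of the Kr00k key-handling defect (CVE-2019-15126) and its fix.

Added, simplified simulation: not ESET's code and not vendor firmware.
Names, sample key and frames are constructed; "encryption" only records
which key the chip applied to each frame.
"""
from dataclasses import dataclass, field
from typing import List

TK_LEN = 16                     # WPA2-CCMP temporal key length in bytes (128 bit)
ZERO_TK = bytes(TK_LEN)         # the all-zero key the chip falls back to


@dataclass
class TxFrame:
    payload: bytes
    key_used: bytes             # recorded so we can inspect what left the radio


@dataclass
class SimulatedWifiChip:
    """Minimal model of a client chip's session key and transmit buffer."""
    flush_on_disassoc: bool     # True = hardened ordering, False = Kr00k-style
    tk: bytes = ZERO_TK
    tx_buffer: List[bytes] = field(default_factory=list)
    on_air: List[TxFrame] = field(default_factory=list)

    def associate(self, tk: bytes) -> None:
        """Install the temporal key negotiated during the 4-way handshake."""
        if len(tk) != TK_LEN:
            raise ValueError("TK must be 128 bits")
        self.tk = tk

    def queue(self, payload: bytes) -> None:
        """Upper layers hand data to the chip; it waits in the TX buffer."""
        self.tx_buffer.append(payload)

    def disassociate(self) -> None:
        """Handle a disassociation event.

        Vulnerable ordering: zero the TK and leave the buffer alone, so the
        frames still queued are later sent under ZERO_TK.
        Hardened ordering: drop every buffered frame first, then clear the
        key, so nothing is ever protected with the all-zero key.
        """
        if self.flush_on_disassoc:
            self.tx_buffer.clear()
        self.tk = ZERO_TK

    def transmit_pending(self) -> List[TxFrame]:
        """Drain the buffer; each frame is 'encrypted' with the current TK."""
        sent = [TxFrame(p, self.tk) for p in self.tx_buffer]
        self.tx_buffer.clear()
        self.on_air.extend(sent)
        return sent


def frames_sent_under_zero_key(chip: SimulatedWifiChip) -> int:
    """Count frames that left the radio protected only by the all-zero key."""
    return sum(1 for f in chip.on_air if f.key_used == ZERO_TK)


def run_scenario(flush_on_disassoc: bool) -> int:
    """Associate, send traffic, queue one more frame, get disassociated, drain.

    Returns how many frames were transmitted under the all-zero key.
    """
    chip = SimulatedWifiChip(flush_on_disassoc=flush_on_disassoc)
    chip.associate(bytes(range(1, TK_LEN + 1)))   # constructed sample TK
    for i in range(3):
        chip.queue(f"constructed frame {i}".encode())
    chip.transmit_pending()      # normal traffic: protected with the real TK
    chip.queue(b"constructed frame still buffered at disassociation")
    chip.disassociate()          # key zeroed; buffer fate depends on ordering
    chip.transmit_pending()      # Kr00k: buffer drained after the TK was zeroed
    return frames_sent_under_zero_key(chip)


if __name__ == "__main__":
    print("vulnerable chip, frames under zero key:", run_scenario(False))  # 1
    print("hardened chip,   frames under zero key:", run_scenario(True))   # 0
```

The only difference between the two runs is whether the transmit buffer is discarded before the key is cleared; that single ordering decision is what separates a frame that is simply lost (the normal cost of a disassociation) from one that is sent with a key every listener knows. For defenders the practical takeaway is unchanged: the fix has to come from the chip vendor's firmware or driver update, which is why keeping devices on automatic updates matters.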
List of client devices that ESET confirmed were vulnerable to Kr00k:
- Amazon Echo 2nd gen
- Amazon Kindle 8th gen
- Apple iPad mini 2
- Apple iPhone 6, 6S, 8, XR
- Apple MacBook Air Retina 13-inch 2018
- Google Nexus 5
- Google Nexus 6
- Google Nexus 6S
- Raspberry Pi 3
- Samsung Galaxy S4 GT-I9505
- Samsung Galaxy S8
- Xiaomi Redmi 3S
The researchers also found that the following wireless routers are vulnerable:
- Asus RT-N12
- Huawei B612S-25d
- Huawei EchoLife HG8245H
- Huawei E5577Cs-321
How Dangerous Is the Attack?
Kr00k affected billions of devices. As the attacker needs to have physical proximity to the Wi-Fi router, the risk of the exploit is considered low.
To receive the vendor’s patch as soon as it is released, it is recommended, as a best practice, to turn on automatic software updates on all devices.
Contacting LIFARS is Your Next (First?) Step for Handling Cyber Incidents.