

Kr00k Wi-Fi Encryption flaw affects Billions of Devices: Report




The Kr00k bug arises from an all-zero encryption key in Wi-Fi chips that reveals communications from devices from Amazon, Apple, Google, Samsung and others.

ESET, a Slovak internet security company, disclosed the Kr00k vulnerability (CVE-2019-15126). The flaw can allow an attacker to decrypt wireless network packets transmitted by a vulnerable device. It affects both WPA2-Personal and WPA2-Enterprise networks that use AES-CCMP encryption.

The vulnerability could have a severe impact on the IT sector: the flawed chips are used in over a billion devices, including routers, smartphones, tablets, laptops, and IoT gadgets.


ESET dubbed the vulnerability “KrØØk” to incorporate the zeros, and also because it’s related to the KRACK attack, a.k.a. Key Reinstallation Attacks, discovered in 2017.

The KRACK approach was an industry-wide problem in the WPA and WPA2 protocols for securing Wi-Fi that could cause “complete loss of control over data,” according to ICS-CERT.

ICS-CERT explained in an advisory at the time that KRACK “could allow an attacker to execute a ‘man-in-the-middle’ attack, enabling the attacker within radio range to replay, decrypt or spoof frames.”


Kr00k is related to KRACK (Key Reinstallation Attacks), which was disclosed in October 2017 and works against almost any WPA2 Wi-Fi network.

Attackers can exploit the Kr00k issue even without being connected to the victim’s wireless network. The vulnerability works against vulnerable devices that use the WPA2-Personal or WPA2-Enterprise protocols with AES-CCMP encryption.

How Kr00k Works

As Threatpost reported, in Wi-Fi, whenever a device connects to an access point (AP), that is called an association. When it disconnects (for instance when a person roams from one Wi-Fi AP to another, experiences signal interference or turns off Wi-Fi on the device), this is called a disassociation.

“KrØØk manifests itself after a disassociation,” ESET researchers explained. “[Once disassociation happens], the session key stored in the Wireless Network Interface Controller’s (WNIC) Wi-Fi chip is cleared in-memory – set to zero.

This is expected behaviour, as no further data is supposed to be transmitted after the disassociation. However, we discovered that all data frames that were left in the chip’s transmit buffer were transmitted after being encrypted with this all-zero key.”

Because the key is all zeros, this “encryption” gives no confidentiality at all: anyone who captures the frames can read the data as plain text.

As Securityaffairs reported, when attackers force the disconnection of the device from the wireless network, the Wi-Fi chip clears the session key in memory and sets it to zero. The chip then transmits all data frames left in its buffer, encrypted with that all-zero key, even after the disassociation.

An attacker in close proximity to vulnerable devices can repeatedly force disassociations by sending packets over the air, in order to capture more data frames.

Via: Threatpost

Source: Securityaffairs

Chanchal spends most of his time writing about the latest tech, Entertainment and he can be found watching nature documentaries