Cloud Hosting

A vulnerability in Broadcom and Cypress WiFi chips makes it possible for attackers on your local WiFi network to decrypt your WPA2 encrypted internet traffic. The vuln, known as the Krk (kr00k) vulnerability, has the designation CVE-2019-15126, ESET, the discoverer of the kr00k vulnerability, estimated that over a billion devices were affected. Apple products such as iPhone, iPad, and Macs were all affected; however, Apple has since patched the issue for iOS and MacOS so make sure that you are up to date on your updates. Even with quick action to correct the vulnerability by affected parties, there will still be millions of devices that wont be patched and will remain vulnerable. What Krk really does is remind us as internet users why properly implemented encryption is important.

Apple described the impact of the kr00k vulnerability as such when they patched this vulnerability in October 2019:

An attacker in Wi-Fi range may be able to view a small amount of network traffic.

The Broadcom and Cypress WiFi chips have a built in feature that resets the encryption key to all zeroes in the event of a connection break between the access point and the target device. The thing is, some WPA2 encrypted packets from the target device would still continue to be sent during that time and an attacker could intercept and decrypt those by using an all-zeroes encryption key. Since the disconnection can be triggered at will by the attacker, this attack can be extremely targeted to decrypt a WiFi users internet activity at will.

While the attacker might not be able to decrypt HTTPS encrypted data and information that is sent to HTTPS sites that youre visiting like your banking website they still would be able to intercept domain name system (DNS) or server name indication (SNI) requests and know what websites youre visiting even if theyre otherwise secured through HTTPS.

While the CVE worked as intended and the main companies with affected chips were able to push out patches to fix the vuln, its still possible that there are unpatched devices out there for whatever reason. The researchers at ESET emphasized in their reporting:

Krk affects devices with Wi-Fi chips by Broadcom and Cypress that havent yet been patched. These are the most common Wi-Fi chips used in contemporary Wi-Fi capable devices such as smartphones, tablets, laptops, and IoT gadgets.

Its best to assume that WiFi encryption is incomplete and that WPA2 is not enough encryption to protect your internet traffic when youre on WiFi. Before kr00k, there was also the KRACK WPA2 WiFi vulnerability which affected even more devices. Even when youre on 4G networks, there are 4G vulnerabilities that allow decryption, tracking, spoofing, and spamming and some of them even remain unpatched. This isnt the first and it wont be the last vulnerability affecting WiFi encryption.

Caleb Chen is a digital currency and privacy advocate who believes we must #KeepOurNetFree, preferably through decentralization. Caleb holds a Master's in Digital Currency from the University of Nicosia as well as a Bachelor's from the University of Virginia. He feels that the world is moving towards a better tomorrow, bit by bit by Bitcoin.

Read this article:
Krk WiFi vulnerability affected WiFi encryption on over a billion devices - Privacy News Online